I had big trouble with the Advanced Firewall settings in Server Admin. I had a lot of double entries in the rules list, but could not delete them. If I moved them up or down, they were copied instead of being moved. If I enabled a disabled rule and saved it, it was automatically disabled again. Many rule numbers were duplicated with different contents.
So here's the fix: Disconnect your server from the internet, then in Server Admin, stop the firewall. Quit Server Admin and open Terminal. Type in the following:
$ cd /etc/ipfilter
$ cp ip_address_groups.plist ip_address_groups.plist.orig
$ sudo open ip_address_groups.plist
Check, edit, and correct all the rules. To see a list of ports, use cat /etc/services. To learn how to set up rules correctly use man ipfw. When all rules are correct, then:
$ sudo mv ipfw.conf.apple ipfw.conf.apple.orig
$ sudo ipfw flush
Start Server Admin, start the firewall, and check the Active Rules tab. If it is empty, make a dummy change in a rule and save. If everything looks good, bring your server online again.
Mac OS X Hints
http://hints.macworld.com/article.php?story=20070208125722820