Ipfilter rules and advices

This is a discussion on Ipfilter rules and advices within the IPFilter forums, part of the System Security and Security Related category.

Old 09-29-2004
Nicolas Montauban

Hi.
I'm new on this list.

Is this method secure enough?

-> firewall# vi /boot/loader.conf
ipl_load="YES"

-> firewall# vi /etc/rc.conf
icmp_drop_redirects="YES"
defaultrouter="10.0.0.138"
gateway_enable="YES"
hostname="firewall.lookali.com"
ifconfig_rl0="inet 10.0.0.1 netmask 255.255.255.0" # interface wan
ifconfig_fxp0="inet 192.168.0.1 netmask 255.255.255.0" # interface lan
ifconfig_lo0="inet 127.0.0.1"
keymap="fr.iso.acc"
linux_enable="YES"
moused_enable="YES"
saver="daemon"
sshd_enable="YES"
usbd_enable="YES"

ipfilter_enable="YES"
ipfilter_flags=""
ipmon_enable="YES"
ipmon_flags="-Dsvn"
ipfilter_rules="/etc/ipf.rules"
ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat
ipnat_enable="YES"

-> firewall# vi /etc/sysctl.conf
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1

-> firewall# vi /etc/ipnat.rules
# Allow the LAN out to the Internet
map rl0 192.168.0.0/24 -> 0/32 portmap tcp/udp auto

-> firewall# vi /etc/ipf.rules
# Allow traffic on the loopback
#
pass in quick on lo0
pass out quick on lo0

# Block incoming traffic - we decide afterwards
#
block in log on rl0 proto tcp from any to any
block in on rl0 proto udp from any to any
block in on rl0 proto icmp from any to any

# Also block outgoing traffic
# from the firewall
block out on rl0 from any to any

#----------------------------------------------------#
# Protection WAN
# Anti-spoofing rules
#
block in log quick on rl0 from 192.168.0.30/32 to any
block in quick on rl0 from 172.16.0.0/12 to any
block in quick on rl0 from 10.0.0.0/8 to any
block in quick on rl0 from 169.254.0.0/16 to any
block in quick on rl0 from 192.0.2.0/24 to any
block in quick on rl0 from 204.152.64.0/23 to any
block in quick on rl0 from 224.0.0.0/3 to any
block in log quick on rl0 from 127.0.0.0/8 to any

# now we are blocking packets that are too short to
# contain a complete header, or with source routing
# options (most likely set to bypass our firewall)
#----------------------------------------------------------------
block in quick on rl0 from any to any with frags
block in log quick from any to any with short
block in log quick on rl0 from any to any with opt lsrr
block in log quick on rl0 from any to any with opt ssrr
#----------------------------------------------------------------
# drop any IP packets with options set
# ipopts include lsrr and ssrr (source routed frags)
#----------------------------------------------------------------
block in log quick on rl0 from any to any with ipopts
#----------------------------------------------------------------
# Block nmap OS fingerprint attempts
# Log first occurrence of these so I can get their IP address
block in log quick on rl0 proto tcp from any to any flags FUP

block in log quick on rl0 proto tcp from any to 192.168.0.30/32 port = 113

# Allow an ssh connection to the server
#
pass in quick on rl0 proto tcp from any to 192.168.0.30/32 port = 22 keep state
pass out quick on rl0 proto tcp from any to 192.168.0.30/32 port = 22 keep state

# Allow the LAN out
#
pass in log on fxp0 proto tcp/udp from any to any keep state
pass in log on fxp0 proto icmp from any to any keep state
pass out log on fxp0 proto tcp/udp from any to any keep state
pass out log on fxp0 proto icmp from any to any keep state

# If no rule matches, refuse the packet/connection
block in log level local0.alert quick on rl0 from any to any
block out log level local0.alert quick on rl0 from any to any

Cordially
Nicolas M.
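A small rule evaluator, added here as an example and not part of the original post, that applies IPFilter's matching semantics (the last matching rule decides unless a matching rule is quick) to a constructed subset of the rules above, so the effect of rule order can be checked offline before loading anything. It models only the keywords the post uses and leaves ipnat out, so it says nothing about whether a packet for 192.168.0.30 ever arrives on rl0 with that destination; it does show that, because rl0 here sits in 10.0.0.0/24 with the router at 10.0.0.138, the anti-spoofing rule for 10.0.0.0/8 drops inbound traffic from that router.

```python
import ipaddress, re
# Constructed subset of the posted ruleset, kept in the poster's order. Rules that
# use "with"/"flags" need header details this model lacks; they are parsed but never match.
RULES = """\
pass in quick on lo0
block in log on rl0 proto tcp from any to any
block in on rl0 proto udp from any to any
block in on rl0 proto icmp from any to any
block in quick on rl0 from 10.0.0.0/8 to any
block in log quick on rl0 proto tcp from any to any flags FUP
pass in quick on rl0 proto tcp from any to 192.168.0.30/32 port = 22 keep state
pass in log on fxp0 proto tcp/udp from any to any keep state
block in log level local0.alert quick on rl0 from any to any
""".splitlines()

RULE_RE = re.compile(
    r"^(?P<action>pass|block) (?P<dir>in|out)(?: log(?: level \S+)?)?(?P<quick> quick)?"
    r" on (?P<iface>\S+)(?: proto (?P<proto>\S+))?(?: from (?P<src>\S+) to (?P<dst>\S+)"
    r"(?: port = (?P<dport>\d+))?)?(?P<extra> with .+| flags \S+)?(?: keep state)?$")

def _net(spec):
    return None if spec in (None, "any") else ipaddress.ip_network(spec, strict=False)

def parse_rule(text):
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError("unsupported rule: " + text)
    g = m.groupdict()
    return {"text": text.strip(), "action": g["action"], "dir": g["dir"], "iface": g["iface"],
            "quick": bool(g["quick"]), "proto": g["proto"].split("/") if g["proto"] else None,
            "src": _net(g["src"]), "dst": _net(g["dst"]), "skip": bool(g["extra"]),
            "dport": int(g["dport"]) if g["dport"] else None}

def matches(r, pkt):
    """pkt: dict with dir, iface, proto, src, dst and an optional dport."""
    return (not r["skip"] and r["dir"] == pkt["dir"] and r["iface"] == pkt["iface"]
            and (r["proto"] is None or pkt["proto"] in r["proto"])
            and (r["src"] is None or ipaddress.ip_address(pkt["src"]) in r["src"])
            and (r["dst"] is None or ipaddress.ip_address(pkt["dst"]) in r["dst"])
            and (r["dport"] is None or pkt.get("dport") == r["dport"]))

def evaluate(pkt, rules=RULES):
    """Last matching rule decides unless a matching 'quick' rule ends the search early;
    no match means pass (IPFilter's default unless built with IPFILTER_DEFAULT_BLOCK)."""
    verdict = ("pass", None)
    for r in map(parse_rule, rules):
        if matches(r, pkt):
            verdict = (r["action"], r["text"])
            if r["quick"]:
                break
    return verdict
```

Feeding it an ICMP packet from 10.0.0.138 arriving on rl0 returns the 10.0.0.0/8 block rule as the deciding one, while an inbound UDP packet from the Internet falls through the non-quick udp block to the final local0.alert catch-all.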
