I've just got through my first ever 4.9 FreeBSD installation and have happily got apache13 and apache13_modssl up and running using ports (with some kind encouragement from EE). I'm at the point that I should let network traffic into the box on ports 80 and 443. As indicated in the start-up, only ports 25 and 22 are let in with the "moderate" firewall you get when you don't install a firewall.
Where is the firewalling for these two ports set up for the "moderate" firewall? I notice that /etc/defaults/rc.conf has firewall_enable="NO" and there is no override in /etc/rc.conf. Is there another mechanism for setting up firewalls that I ought to beware of?