No subject

[Tegshjargal.A]

Hi there!
We have FreeBSD proxy server. (OS is Freebsd 5.2.)
All client computer was working with static ip address
such as :
ip address: 10.0.0.55
subnet mask: 255.255.255.0
default gateway: 10.0.0.1
Preferred DNS server: xxx.xxx.xxx.xx1
Alternative DNS server: xxx.xxx.xxx.xx2
I want to restrict some customers to access some ports.
But sometimes some blocked staffs are changing by permitted ip address so 
they access to foreign server.

my rule is :

# Disallow setup of all other TCP connections
${fwcmd} add deny tcp from any to any setup
...
${fwcmd} add pass tcp from 10.0.0.21,10.0.0.63 to any 4333 setup keep-state

How can I restrict it?

Thank you.
Tegshjargal.A