When I setup a site to site IPSEC tunnel, between two m0n0wall units,
I did not have to setup any firewall rules. I could be wrong...but I
don't think you can setup IPSEC FW rules for the tunnel.
anyway, if you search this list for my name 'munyak' and 'ipsec', I
remember posting my IPSEC config file for m0n0wall-to-m0n0wall IPSEC.
Hope this helps