By default for reasons unknown, using…
client all allow
…in your config causes firehol to enable irc and ftp in-bound. This is probably a bug, and its something to do with the ALL_SHOULD_ALSO_RUN functionality in firehol, which is something to do with rule authors being able to have their rule included in all functionality.
Anyway to work around this rather nasty bug, add this line at the top of your /etc/firehol.conf config