If you trust all the boxes on your LAN, then all you need do is configure the firewall script builder at Eric's web site such that all LAN traffic is trusted. After you do that, you need not worry about specific rules for specific ports on the LAN side.
One little thing I want to add...
I wouldn't recommend this if you have a wireless access point on your network. Wireless encryption keys are easily cracked and it's possible to make a homemade wifi antenna that extends a malicious user's reach quite a bit.
If you have a wireless access point anywhere on your network, I would recommend leaving the local network as semi-untrusted, or assign wireless connections to a different (untrusted) subnet.
For instance, I allow ssh connections from any local machine, but I do not export NFS mounts to the local network. Instead, I lock in each of my boxen by MAC address and export only to a specific machine. (Note: this is not foolproof, but should stop the common script kiddie/war driver.)
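An added example, not part of the original posts: a small Python check for the "export only to a specific machine" practice described above. It reads exports(5)-style text and flags every NFS export whose client is a wildcard, a whole subnet, or missing; the sample file contents, paths, hostnames and addresses are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample /etc/exports content (not from the original thread).
SAMPLE_EXPORTS = """\
# home directories for one workstation only
/home        192.168.1.10(rw,sync,no_subtree_check)
/srv/media   192.168.1.0/24(ro,sync)
/srv/backup  *(rw,sync)
/srv/iso     (ro)
/srv/build   buildbox.lan(rw) 10.0.0.0/255.255.255.0(ro)
"""

# One client token: optional client spec followed by optional "(options)".
CLIENT_RE = re.compile(r"^([^()\s]*)(?:\(([^)]*)\))?$")

def classify_client(client):
    """Return None if the client names a single host, else a reason string."""
    if client in ("", "*"):
        return "exported to every host"
    if any(ch in client for ch in "*?["):
        return "wildcard hostname pattern"
    if client.startswith("@"):
        return "netgroup (membership not checked here)"
    if "/" in client:
        try:
            net = ipaddress.ip_network(client, strict=False)
        except ValueError:
            return "unparseable network"
        if net.num_addresses > 1:
            return f"whole subnet ({net.num_addresses} addresses)"
    return None

def audit_exports(text):
    """Return (line number, path, client, reason) for each over-broad export."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        for token in clients or [""]:      # no client at all means "everyone"
            m = CLIENT_RE.match(token)
            client = m.group(1) if m else token
            reason = classify_client(client)
            if reason:
                findings.append((lineno, path, client or "(none)", reason))
    return findings

if __name__ == "__main__":
    for finding in audit_exports(SAMPLE_EXPORTS):
        print("line %d: %s -> %s: %s" % finding)
```

To check a real host, pass the contents of its exports file to `audit_exports()` instead of the sample string.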