Thanks alot for response. I have restarted bastille. (Is there any difference in issuing "service xxx restart" and "/etc/init.d/xxx restart" commands? The first one didn't work for me with bastille-firewall.)
The firewall seems to be on now, but the FTP service stopped to work. It seems there is a problem with passive transfer - it needs the whole port range open on firewall. Do I have to add this range to the list of open ports? I suppose the answer is yes, because you have already stated it is no major risk to have ports open.