Perhaps I ought to explain what I want to do:

I want to limit all traffic to port 119 from outside the network to 64
kbps. Hopefully this should prevent me getting too high an internet
bill. I want to limit this traffic whether or not the connection was
initiated from inside or outside the firebrick. I don't mind about the
outgoing traffic.

As I want to limit traffic in reply to a session initiated on this side,
as well as traffic initiated outside, I guess I have to just limit all
port 119 traffic - is that right.

Should I limit TO WAN, FROM WAN, TO LAN or FROM LAN to 64 kbps for port
119 traffic, a combination of 2 of them or all of them?

Hi David

I've not checked u.n.p.a, hope I'm not duplicating replies
TO WAN is from the routing core to the WAN port (i.e. to your WAN
router)
If you just have traffic flowing between WAN and LAN, then just set the
rate TO and FROM WAN
If you want to prioritise certain traffic (e.g. VoIP QoS), then you want
to limit the rate TO/FROM WAN to just below what your link is capable
of, so all buffering takes place in the FireBrick, and none on your WAN
link (i.e. keep latency low)

With ADSL Max you need to find out what your line is actually capable
of, and set limits just below that

You can test whether you have got it right by prioritising ICMP, and
checking ping times stay low when running a TCP file transfer
OK, just set up a shaping rule to catch all traffic with target port
119, and put it in its own speed lane. The set the rate from WAN to
64kbps max
If session is initiated from inside, which is port 119, source or
target?
See my question above.

To clarify;
Shaping rules apply to sessions
Speed lanes apply to individual packets

I.e. the speed lane doesn't care which way the session was established,
but the shaping rule does. Note the 'Both Ways' option in shaping rules
makes them apply to sessions initiated both ways
FROM WAN

HTH