Mac OS X firewall explained

[Fahad]

1. Allow all incoming connections:

This is the most unsecured mode. OS X will allow any incoming connections to your computer. This is the default mode for Leopard. If you upgraded from Mac OS X 10.4.x, your Application Firewall will default to this mode.

2. Allow only essential services:

This is the most efficient mode.OS X will only allow limited list of services essential to the operation of your computer.

The system services that are still allowed to receive incoming connections are:

configd, which implements DHCP and other network configuration services
mDNSResponder, which implements Bonjour
racoon, which implements IPSec


3. Set access for specific services and applications:

This mode offers you the most flexibility. You can choose whether to allow or deny incoming connections for any application on your system.

You can click the "+" button to add an application to this list. You can select an application and click the "-" button to remove it. Control-clicking on the application name gives you the option to reveal the application's location in Finder.

Once you've added an application to the list, you can choose whether to allow or deny incoming connections for that application. You can even add command line applications to this list.

When you add an application to this list, Mac OS X digitally signs the application (if it has not been signed already). If the application is later modified, you will be prompted to allow or deny incoming network connections to it. Most applications do not modify themselves, and this is a safety feature that notifies you of the change.

Digitally signed applications

All applications not in the list that have been digitally signed by a Certificate Authority trusted by the system (for the purpose of code signing) are allowed to receive incoming connections. Every Apple application in Leopard has been signed by Apple and is allowed to receive incoming connections. If you wish to deny a digitally signed application you should first add it to the list and then explicitly deny it.

If you run an unsigned application not in the Application Firewall list, you will be presented with a dialog with options to Allow or Deny connections for the application. If you choose Allow, Mac OS X 10.5 will sign the application and automatically add it to the Application Firewall list. If you choose Deny, Mac OS X 10.5 will sign the application, automatically add it to the Application Firewall list and deny the connection.

Some applications check their own integrity when they are run without using code signing. If the Application Firewall recognizes such an application it will not sign it, but then it will re-present the dialog every time the application is run. This may be avoided by upgrading to a version of the application which is signed by its developer.

[vudo]

as for me for firewall i use ProteMac NetMine

[Irbis]

as for me for firewall i use ProteMac NetMine

Thanks. I began use Protemac NetMine too.

[Irka]

I tried NetMine because I have read a lot of good about it, and it is really cool app)

[Kleo]

You can use ProteMac NetMine. NetMine by ProteMac is a firewall for your Mac computer running OS X. It monitors and controls all the Internet and network activity of your computer.
NetMine

[klava]

protemac.com is very good site!!! I use ProteMac KeyBag PRO. (stealth keystroke recorder)
if you are interested in, you can read more here - KeyBag PRO

[zxzasa]

yes, i do prefer NetMine
as it have never stopped non-virus programms

[zxzasa]

for mac os x i would recommend NetMine

[zxzasa]

kinda good and simple keylogger too ProteMac KeyBag PRO is a stealth keystroke and password recorder for your Mac computer

[dinadana]

ha!
I just wanted to post about ProteMac NetMine, and saw that here are many good rewiews about this soft)
It's great!)
Mac OS X firewall - one more link)