it is very limited in it's capabilities.
NoobProof and WaterRoof are both free (open source) firewall front-ends from hanynet.com that improve the flexibility of the Mac's built-in IPFW firewall.
WaterRoof is a very complex and powerful tool, which allows you to configure almost every aspect and option of "ipfw". And more, you can list/manage active connections or network files, do graphics log analisys, configure your mac as a router with bandwidth management with stateful rules and tons of other options. You need a good knowledge of "what a firewall is", and you should also have at least a basic ipfw knowledge.
NoobProof is a very easy tool. When you start it the first time you have a service list and you can choose to "allow" or "deny" connections to those services. So you have only to decide which service to allow, and then check "Activate NoobProof". You can also add selective "allow" and "deny", and you can delete or add new custom services in service list.
|Static rules list||x||x|
|Customizable dynamic service list||x|
|Customizable rules builder||x|
|Startup Script and Startup configuration||x||x|
|Import and export firewall configuration||x|
|Bandwidth Management (Dummynet)||x|
|NAT setup (Network Address Translation)||x|
|Dynamic rules (stateful firewall)||x|
|Ready rule sets||x|
|Logs parsing and graphic statistics||x|
|Network connections and applications list||x|
|Network connections selective block or limit||x|
|Appfirewall debug and logs listing||x|
|Interface list and DNS/WHOIS queries||x|