Looks like an interesting program to manage specific services. What it seems to lack is the ability to do things like drop SYN packets from entire CIDR blocks. I am looking to open some services on my iMac, and want to restrict all access from certain geographic areas like all of APNIC, LACNIC, and much of Eastern Europe. Dropping all packets from 220.127.116.11/8, for instance, is something which PF can do easily, but the interface to PF which Apple supplies is woefully deficient.
What I am looking for is a GUI front end to PF (pfctl). IceFloor seems to be the closest I have found. What I am concerned about is its effect on all the auto-magic OSX does.

--
"Remember, remember the fifth of November. Gunpowder, Treason and Plot. I see no reason why Gunpowder Treason Should ever be forgot."
"People should not be afraid of their governments. Governments should be afraid of their people"
For things like IP addresses I would use IceFloor. But I would highly recommend not using any Apple device as a firewall. They are very simple in design and do not assist in anything for network troubleshooting. I would recommend anything that runs DD-WRT or any other open WRT firmware. They provide a wide range of abilities and tweaks. Although, doing this on your laptop is a good idea as always when going out to the open world. You want to make sure you are covered not just behind the firewall at home.
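
For readers who want the CIDR blocking discussed in this thread without a GUI, here is an added example (not from either poster, and not IceFloor's code) that turns a list of CIDR blocks into a PF table file and the matching block rule. The table name `geoblock`, the file path, and the sample list are assumptions made for illustration.

```python
import ipaddress

def build_pf_blocklist(cidrs, table="geoblock",
                       table_path="/etc/pf.anchors/geoblock.table"):
    """Validate CIDR strings and return (table_text, rules_text, rejected).

    table and table_path are hypothetical names chosen for this example.
    """
    nets, rejected = [], []
    for raw in cidrs:
        entry = raw.split("#", 1)[0].strip()   # allow comments and blank lines
        if not entry:
            continue
        try:
            # strict=False masks off host bits, so an entry written as
            # 220.127.116.11/8 becomes the network it really covers: 220.0.0.0/8
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append(raw)               # report, never load, bad entries

    # Merge overlapping or adjacent blocks so the table stays small.
    merged = []
    for version in (4, 6):
        family = [n for n in nets if n.version == version]
        merged.extend(str(n) for n in ipaddress.collapse_addresses(family))

    table_text = "".join(line + "\n" for line in merged)
    rules_text = (
        f'table <{table}> persist file "{table_path}"\n'
        # "quick" stops rule evaluation, so later pass rules cannot re-admit
        # the source; dropping everything inbound also drops the SYNs.
        f"block drop in quick from <{table}> to any\n"
    )
    return table_text, rules_text, rejected

if __name__ == "__main__":
    # Constructed sample list; only the first entry appears in the thread.
    sample = ["220.127.116.11/8", "220.5.0.0/16  # inside the /8 above",
              "198.51.100.0/24", "not-a-cidr"]
    table_text, rules_text, rejected = build_pf_blocklist(sample)
    print(table_text, rules_text, "rejected:", rejected, sep="\n")
```

Parse the generated rules with `pfctl -n -f <file>` before loading them, and refresh the table in place with `pfctl -t geoblock -T replace -f <table file>`.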