Leopard Firewall – Not to be trusted
Heise has a great article about serious flaws in Leopard’s firewall.
The Mac OS X Leopard firewall failed every test. It is not activated by default and, even when activated, it does not behave as expected. Network connections to non-authorised services can still be established and even under the most restrictive setting, “Block all incoming connections,” it allows access to system services from the internet.
Sounds pretty serious.