Update: After revising more than once, the permanent link to the latest ipfw ruleset is http://securosis.com/publications/ipfw.html.

Over at Securosis, Rich and I posted a piece on using ipfw to increase your security. Leopard's new 'firewall' isn't a network firewall at all. It restricts applications' ability to listen on ports, rather than working at the level of the network stack, which means it cannot do things like allow ssh from home but not from the rest of the Internet. If you want classic packet filtering, it makes sense to use ipfw as well. We cooked up a starter ruleset for people to customize, with instructions on installing it using WaterRoof.