Reader Jake Tesler is ready to set Lion's firewall on fire. He writes:
Back in the days of Tiger and Leopard, you had more fine-tuned control of your firewall. With Lion, you can add applications to the "allowed" list and have their network connections pass through the firewall. However, what if I want to manually add a TCP or UDP port?
As you've noticed, OS X's firewall, while potentially powerful, doesn't provide you with a lot of configuration options. This was done so that typical users wouldn't do The Bad Thing and make their Macs nearly unusable because of an ill-tweaked firewall.
But as I say, it's potentially powerful. The trick is getting to the settings you need. Terminal is certainly one avenue but why bother when there's Hanynet's donate-what-you-can-afford-please IceFloor? Like its revered siblings, WaterRoof and NoobProof (which you'd use for earlier versions of the Mac OS), it provides a graphic user interface to OS X's firewall.
In its primary window you find simple on/off options for select services including screen sharing, VPN, iTunes sharing, and ftp file transfer. But if you click on the Advanced Options button you'll reveal an Advanced Options window where you can add custom TCP and UDP ports. You can additionally create a whitelist and blacklist of IP addresses to always allow or always block traffic from particular addresses. If you want to dig even deeper click the Advanced Filtering button in this window and let your geek flag fly.