[uris]

Is there a kernel extension involved ? What about blocking process e.g. from the terminal etc.

[aparadja]

Yes, there is a kext.

Currently, it doesn't block non-app-bundle processes. The main reason for the app's existence is to block nosy apps that discreetly contact their home servers. I can't think of many (or any) terminal apps that do the same thing.

[klausa]

Why does it require/involves kext? I'm genuinely curious, since I thought OS X comes with powerful ipfw. Is it some stripped down version?

[aparadja]

The main reason is to reduce the amount of dependencies to zero. I didn't want to enter the nightmare vortex of several applications managing a single firewall implementation.

Also, as I've lately been an embedded software guy, I saw no harm or fear in a little kernel code.

[sahirh]

Is it possible to use ipfw / pf to control outbound traffic based on the process that is initiating the connection? I skimmed the man pages but didn't see anything that looked promising.

[paxswill]

In addition to ipfw, Lion includes pf (off by default though, you need to modify a launchd plist to enable it).

[r00fus]

Aren't kexts the main reason for upgrade issues between OSX versions?

[aparadja]

Perhaps, but I'd say that it varies a lot. The kext here is more compatible with old versions than the UI.