Hacker News
by klausa 5416 days ago
Why does it require/involve a kext? I'm genuinely curious, since I thought OS X comes with powerful ipfw. Is it some stripped-down version?
3 comments

The main reason is to reduce the amount of dependencies to zero. I didn't want to enter the nightmare vortex of several applications managing a single firewall implementation.

Also, as I've lately been an embedded software guy, I saw no harm or fear in a little kernel code.

Is it possible to use ipfw / pf to control outbound traffic based on the process that is initiating the connection? I skimmed the man pages but didn't see anything that looked promising.
In addition to ipfw, Lion includes pf (off by default though, you need to modify a launchd plist to enable it).