[marios]

Regarding the firewall issue - doesn't OS X include OpenBSD's PF ? If it's the case, then you get great and easy firewalling. Provided you can actually configure it with $EDITOR + /etc/pf.conf. Having a GUI for PF doesn't make much sense when you have a rules syntax that is as expressive as PF's. There may be some edge cases where netfilter can do things that would require a work around in PF but in my eyes the latter wins when you look at the features + tooling + configuring package. Also there are some things PF can do that netfilter can't.