From what I've found, BrickHouse is the best GUI application for accessing the built-in firewall ipfw. As such it is good for people who want more features than the simple preference pane, but don't want to work in the CLI. It is now up to 1.3 and has come far, but it still needs work to warrant a full five star recommendation and the requested cost. (I paid anyway.) Some problems that still exist are:
0. The author is unresponsive to emailed queries after two weeks.
1. When creating rules (filters), you cannot simultaneously create a rule to apply to both built-in Ethernet (en0) and wireless Ethernet (en1). The interface forces you to create a rule for one interface, then for the other. If you have a handcrafted custom ruleset that takes time to build, this will double your time. There should be an option in the GUI to apply rules to both (all) interfaces.
2. No matter the order in which you create custom rules, BrickHouse enters them in random order. You can drag and drop them into your preferred order, but this is extremely tedious and time consuming. An option to reorder the rules by port number (a standard method for configuring rules in the CLI) would be a big time saver instead of the current big time waster.
3. Editing rules by hand (either in the CLI or in BBEdit) and then reviewing them in BrickHouse causes the app to crash.
4. No longer works in 10.2.
5. Payment of the shareware fee does not seem to prompt any reply to queries about problems or suggestions for improvement.
Flying Buttress
advanced configuration for OS X's built-in firewall
Version: 1.4
nice start, needs work
Feedback Type: Commentary
Contributed by: dano3006 Monday, June 20 2005 @ 08:53 AM PDT
Product Platform: MacOSX
Used Product For: Over One Year
Recommend Product: YES
Comments
nice start, needs work soon(!) - macfixit1-rand
I certainly understand the demands of a full time job.
1. A year later and a new version 1.4 but the four tabs for Internal Modem still display, and the tabs do not display the far more important Ethernet interface options.
2. Still no reply from the developer.
3. Requests for a change so that rules can be applied simultaneously to all interfaces still not fixed.
Thursday, June 29 2006 @ 11:39 AM PDT
nice start, needs work part 2 - dano3006
Additional items that need fixing: In the main interface there are tabs along the top that list the available interfaces (e.g. AirPort, Internal Modem, Built-in Ethernet). In 1.3 apparently there is a bug that causes four tabs for Internal Modem, and these cannot be removed.
In rules for allow and deny, it would be nice if one rule could suffice for both rather than having to enter the rule twice for each. Also, setting the columns for "source" and "destination" with a single-sided arrow could be improved by making one column source, the other column destination, and then have arrows that point in one direction or the other, or both directions.
Monday, June 20 2005 @ 09:31 AM PDT