Leopard should have introduced 11 new security features, among them the firewall should have been re-worked.

However as pointed in the leopard security firewall analysis by heise Security

It appears that there is still some problems with the firewall. For me the three keys point that Apple should fixe are :

1. Firewall need to be enable by defauflt. Better safe than sorry is the key to security. Since most people does not run network service it should not be a big deal any way.
2. When you ask for “Block all incoming connections” it should be apply to any protocol not TCP. For instance this policy does not apply to NTP query (UDP) or even Netbios announce (UDP) … That is totally lame. Note that you can activate UDP filtering in the advanced setting.
3. The last requirement is more arguable but still it deserves attention: Why do you have network service running by default ?

The combination of theses problems can lead to serious flaw for example : the NTP (Network Time protocol) shipped with Leopard is not the lastest (4.2.2 instead of 4.2.4). Imagine there is a flaw in it. Well with the firewall you should be enough safe to have the time to patch. But wait a minute, no you aren’t because the firewall is not activated! Even if you activate it and ask to “Block all incoming connections”, because NTP is a UDP protocol… Of course is you go to the firewall advanced setting you can block UDP traffic but what about the legendary OS X simplicity ?