ID: 6014948

URL: rdar://problem/6014948

Title: Code signing makes application firewall useless

Originated Date: 17-Jun-2008

State: Duplicate/5207878

Fixed? Yes

Attachments:

Description:

Summary: According to http://support.apple.com/kb/HT1810 and my testing, Mac OS X Leopard's application firewall automatically allows code-signed applications to accept incoming connections, without any prompting from the user. According to http://developer.apple.com/documentation/Security/Conceptual/CodeSigningGuide/Introduction/chapter_1_section_1.html "It is highly recommended that you sign all code intended for use with Mac OS X v10.5 or later." Since all applications on your system are expected to be code-signed, this completely defeats the purpose of the application firewall! All developers will be code signing their apps, so all apps will automatically accept incoming connections without the user's knowledge or permission.

Steps to Reproduce:

1. Launch System Preferences.app, select the Security pane, and select the Firewall tab.
2. Select "Set access for specific services and applications".
3. The list of applications in the table should be empty.
4. Download Airfoil 3.2 for Mac: http://www.rogueamoeba.com/airfoil/mac/.
5. Unzip Airfoil.
6. Launch Terminal.app and change to the directory containing Airfoil.app.
7. codesign --verify -v Airfoil.app
8. Verify that Airfoil has been code-signed: "Airfoil.app: valid on disk".
9. Connect to an AirPort Express Base Station.
10. Launch Airfoil.

Expected Results: I see a dialog "Do you want the application 'Airfoil' to accept incoming connections?".

Actual Results: No dialog. If you open System Preferences, Security, Firewall again, Airfoil.app is on the list to accept connections!

17-Jun-2008 Jeff Johnson: Please don't close this bug as "works as designed". If that's the design, then the design is fundamentally flawed and ought to be changed. You can turn this into a feature request or whatever.

18-Jun-2008: Engineering has requested the following information in order to further investigate this issue: We cannot reproduce this problem on our system - the app was added to the UI list and we weren't prompted. Please attach your system configuration and /var/log/alf.log.

18-Jun-2008 Jeff Johnson: You did reproduce the problem: "the app was added to the UI list and we weren't prompted." That *is* the problem. Read my expected results vs. actual results.
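An added audit script (not part of the Radar report) that generalises steps 7 and 8 above to the whole firewall allow list: it pulls every app the application firewall is set to Allow and runs codesign against each, so a reviewer can see which entries could have been admitted automatically as signed software. The `socketfilterfw --listapps` output format and the `--getallowsigned` option are assumptions taken from later macOS releases; the sample listing is constructed.

```sh
#!/bin/sh
# Audit which firewall-allowed apps are code-signed (added example, not from the report).
ALF=/usr/libexec/ApplicationFirewall/socketfilterfw

# Constructed sample of `socketfilterfw --listapps` output (format assumed),
# used when the tool is not present so the parser can be exercised off-box.
SAMPLE_LISTAPPS='ALF: total number of apps = 2

1 :  /Applications/Airfoil.app
     ( Allow incoming connections )
2 :  /Applications/Blocked.app
     ( Block incoming connections )'

# stdin: --listapps output; stdout: one path per line for apps set to Allow.
list_allowed_apps() {
    awk '
        /^[0-9]+ :/ { sub(/^[0-9]+ :[ \t]*/, ""); sub(/[ \t]+$/, ""); app = $0; next }
        /Allow incoming connections/ && app != "" { print app; app = "" }
    '
}

# Print "signed" or "unsigned" for an app bundle; needs codesign(1).
signature_state() {
    if codesign --verify "$1" >/dev/null 2>&1; then echo signed; else echo unsigned; fi
}

# Full audit; meaningful only on macOS where socketfilterfw and codesign exist.
audit_firewall() {
    if [ -x "$ALF" ]; then
        echo "allow-signed setting: $("$ALF" --getallowsigned)"
        listing=$("$ALF" --listapps)
    else
        echo "socketfilterfw not found; using constructed sample listing"
        listing=$SAMPLE_LISTAPPS
    fi
    printf '%s\n' "$listing" | list_allowed_apps | while IFS= read -r app; do
        if command -v codesign >/dev/null 2>&1; then
            printf '%s\t%s\n' "$(signature_state "$app")" "$app"
        else
            printf 'unknown\t%s\n' "$app"
        fi
    done
}

if [ "${1:-}" = "--run" ]; then audit_firewall; fi
```

Run it as `sh audit.sh --run` on the machine under test; every line reported as "signed" is an entry that, under the behaviour described in this report, can appear in the allow list without the user ever seeing the prompt.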