Researchers say Mac OS X Leopard’s firewall is full of holes. The “set access for specific services and applications” firewall setting might as well be the “allow all incoming connections” default. The only rule listed by ipFW is “65535 allow ip from any to any” That’s essentially an anti-firewall rule: It does nothing. Even at “block all incoming. connections,” I was able to connect from my Xubuntu laptop to the NTP (ntpd) on my Leopard laptop.”]
Source: https://www.darkreading.com/attacks-breaches/hole-y-leopard-