Configuring a Firewall
A firewall blocks certain types of incoming traffic from the Internet while allowing outgoing traffic to the Internet. If you're running a firewall, your job is to configure it to allow incoming traffic in response to outgoing traffic from your users. For example, if your users try to access a website, you want traffic from web servers to reach the users.
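The rule described above, allowing incoming traffic only when it answers outgoing traffic, can be modeled as a small connection-tracking table. The following is an added example, not code from Lion Server or from the original text; the class and function names, IP addresses and port numbers are all constructed for illustration, and it also models explicitly opened ports for a server that offers services.

```python
# Added illustration: a minimal connection-tracking ("stateful") filter.
# Every address and port below is a constructed sample value.
from typing import NamedTuple

class Packet(NamedTuple):
    proto: str      # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class StatefulFirewall:
    def __init__(self, open_ports=()):
        # (proto, port) pairs deliberately opened to unsolicited inbound traffic
        self.open_ports = set(open_ports)
        # Flows started from the inside, stored the way the reply will look
        self.flows = set()

    def outbound(self, pkt):
        """Outgoing traffic is allowed; record the flow so its replies can return."""
        self.flows.add((pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port))
        return True

    def inbound(self, pkt):
        """Allow replies to tracked flows and traffic to explicitly open ports."""
        if tuple(pkt) in self.flows:
            return True
        return (pkt.proto, pkt.dst_port) in self.open_ports

def demo():
    fw = StatefulFirewall(open_ports={("tcp", 443)})
    user, server = "192.168.1.20", "192.168.1.2"
    web, stranger = "203.0.113.10", "198.51.100.7"
    # A user on the local network requests a web page.
    fw.outbound(Packet("tcp", user, 51000, web, 80))
    return {
        "reply_from_web_server": fw.inbound(Packet("tcp", web, 80, user, 51000)),
        "unsolicited_to_user": fw.inbound(Packet("tcp", stranger, 80, user, 51000)),
        "same_ports_wrong_type": fw.inbound(Packet("udp", web, 80, user, 51000)),
        "inbound_to_open_port": fw.inbound(Packet("tcp", stranger, 40000, server, 443)),
        "inbound_to_closed_port": fw.inbound(Packet("tcp", stranger, 40000, server, 22)),
    }

if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:24} {'ALLOW' if allowed else 'BLOCK'}")
```

Only the web server's reply and the connection to the deliberately opened port get through; a packet from another host, or one with the same port numbers but the other port type, is blocked.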
If your network already has a firewall on another server or a router or other security gateway appliance, you may not need to run Lion Server's firewall. You do need to run a firewall on your Mac server if it's acting as an Internet gateway, with the Mac in between the Internet connection and the local network. You also need to run a firewall on the server if your Internet connection goes directly into a wireless router, and the router doesn't have a firewall built in or running on it. In this case, the server needs to be connected to the router via Ethernet.
Regardless of whether you're running a firewall on Lion Server or somewhere else, the next few sections provide useful information.
Port numbers used by Lion Server services
A firewall blocks incoming traffic by software port (a setting identified by a port number) and by port type: TCP (Transmission Control Protocol) or UDP (User Datagram Protocol). A port can be open, which allows traffic to come through, or closed, which blocks traffic. Each service has a standard port associated with it. For example, the default port for IMAP e-mail is TCP ...