This is FreeBSD we're talking about! It would be an insult if there weren't already a firewall built in, and probably a more robust one than money could buy you for Windoze or the previous Mac OS, at that.
Check out the man page for ipfw as well as <a href="http://wopr.norad.org/articles/firewall/">this article</a>.
There is a firewall, of course. I find Brickhouse (can be found on versiontracker.com) to be an excellent app to configure OSX's firewall capabilities.
Download and build <a href="http://freshmeat.net/projects/portsentry/download/portsentry-1.0.tar.gz">Port Sentry<a>. It works just like you would want it to, and it stealths your ports. When building, type 'make bsd'.