The best and by far the most widely used firewall for Unix is ipfw, which also happens to be the firewall that is built into OS X. The commercial firewalls may have a fancy GUI interface and generate lots of reports, but they are no more secure than ipfw. The Brickhouse GUI front end has already been mentioned, and it is an excellent way to configure ipfw.
If you do not want to pay the shareware price for Brickhouse, open Terminal and type "man ipfw" (without the quotes, of course) and find out how you can configure ipfw from the command line. In programming from the command line, it helps if you are very familiar with internet protocols and the various ports used by different services on the internet, LAN, and, perhaps more importantly, by worms.