Select the Firewall service in Server Admin and allow only traffic from "any" to these ports:
TCP (outgoing)
TCP (established)
UDP Fragments
UDP outbound and responses to same port
DNS - responses to outbound queries
Serial number support
ICMP - echo reply messages (replies to outgoing pings)
ICMP - echo requests messages (incoming pings)
Next, allow local LAN traffic. In many cases the built-in 10-net or 192.168-net default settings can be used by selecting Allow All Traffic. If your network uses a different IP range, create a group using the CIDR notation for your network range and Allow All to that group. For example, Group Name = LAN, addresses in group = 172.16.0.0/12
That's it: save changes and hit Start. Be aware that you've now blocked all external access to your server on important services such as SSH and ARD, so you'll no longer have remote control of your server.
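Before entering a custom LAN group as described above, it is worth checking the CIDR value, since "Allow All" applies to every address the range covers. The following is an added example, not part of the original post: a small Python check (IPv4 only) that a group's CIDR is a canonical network address, stays inside private address space, and actually covers your LAN hosts. The function name and the host addresses are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges; an "Allow All" group should sit inside one of these.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_lan_group(cidr, lan_hosts):
    """Return a list of problems with using `cidr` as an Allow All group.

    cidr      -- the value you plan to enter as "addresses in group"
    lan_hosts -- addresses of machines that must keep access (constructed
                 sample values in the calls below)
    """
    problems = []
    try:
        # strict=True rejects values with host bits set, e.g. 172.16.5.0/12
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError:
        # Re-parse leniently to report what the range really is.
        net = ipaddress.ip_network(cidr, strict=False)
        problems.append(f"{cidr} has host bits set; network is {net}")

    # A range wider than a private block would allow all traffic from
    # public addresses as well.
    if not any(net.subnet_of(private) for private in RFC1918):
        problems.append(f"{net} extends beyond private address space")

    # Hosts outside the group fall through to the restrictive "any" rules.
    for host in lan_hosts:
        if ipaddress.ip_address(host) not in net:
            problems.append(f"{host} is outside {net} and would be blocked")
    return problems


if __name__ == "__main__":
    # The post's example group, with two constructed LAN hosts.
    print(check_lan_group("172.16.0.0/12", ["172.16.4.10", "172.31.255.1"]))
    # One prefix bit too short: also covers public 192.169.0.0/16.
    print(check_lan_group("192.168.0.0/15", []))
    # Too narrow: a host in 172.20.x.x is left out of the group.
    print(check_lan_group("172.16.0.0/16", ["172.20.1.5"]))
```

An empty list means the group value is safe to enter as written.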