It seems like a good idea, but I’m a little leery of it since I wasn’t able to figure out what kind of backend it uses.
I’m a little surprised that OSX uses ipfw instead of pf, which a lot of the admins I know rave about (since I’m a Linux guy, all my firewall knowledge is based on netfilter / iptables). But I’ve looked it up on Ye Olde Wikie, and it seems perfectly adequate for needs.
It does remind me of a Windows program that my friend had in the early 2000s which monitored TCP and UDP connections and popped up anything “suspicious” according to a set of user-specified rules. I forget what that thing was called; I wasn’t using Windows at that time, and I have never heard of that program again since 2003 or so.
I would definitely recommend the use of some sort of IDS program like this. It seems easy to use, and just intrusive enough to keep users on their toes.