I tried out portmaster recently. Coming from rethinkdns on Android, I was far from impressed; it looks featured, but it's much harder to use. Opensnitch looks better but doesn't have the nice features to drill down connections (get from app requesting a domain being resolved to an IP and connecting on a port, and filter this at any level including globally; if the request was already filtered, you can see why and get to that filter to either remove it or add an exception)