Hi Ormond,
I think in general firewalls have always been poorly understood as basically firewalls are essentially just filters between your computer and the outside world that, in typical use, allow some network traffic to pass and block other traffic.
There are two basic firewall types, each taking a different approach to filtering packets. One is called an “application firewall,” as in apples because it either allows or blocks packets to specific applications, regardless of the port the traffic is addressed to. So, for example, you could allow or block all packets sent to Mac Mail with this kind of firewall built-in. Also Mac users who want a bit more network security can turn on an optional firewall feature in OS X called Stealth Mode. With Stealth Mode enabled, the Mac will not acknowledge or respond to typical network discovery attempts with ICMP
ping requests, and will not answer connections attempts made from closed TCP and UDP networks. Essentially, it makes the Mac appear to these requests as if it doesn’t exist at all.
Have a look here if you are unsure of this mode.
https://support.apple.com/kb/PH25606?viewlocale=en_US&locale=en_US
In what cases might I want the firewall off?
I dont see that you would need to turn it off, because you can choose which of your applications you can trust thus allowing them to both send and receive network traffic.
Its a little different if you want file sharing turned on, just double check the list of applications it generates.
I personally think that the beauty of Apple’s built-in Application Level Firewall is that you don’t need to really do anything other than turn it on. Your Mac will take care of determining whether or not an application should be allowed to send and receive network traffic.
