program-by-program firewall?
 

I'm looking for a little help on locating a suitable firewall... I've tried guarddog (stopped all traffic until I stopped it) and I've tried firestarter (worked reasonably, but crashed a lot).

What I'd really like though is a firewall that blocks all traffic except for that between the internet and programs I approve. I'm not speaking of blocking all ports, and only opening a few, I'm speaking of only allowing internet access for specific programs that I choose to allow. A GUI is rather important also....

I'm not sure if one exists, but if one does, might someone be able to tell me?

that's not possible, the name of the end application is not present in tcp/ip packages....

i dont know if such a kernel module exists but would it not be possible to hook into the socket system call and refuse to create INET sockets unless the callers pid is in an allowed list.

im just in the middle of configuring a 2.6 kernel and i have noticed the following module that should be of interest to you

CONFIG_IP_NF_MATCH_OWNER, it allows you to identify packets by user, group, pid, etc

I think he's looking for something similar to a Windows-type personal firewall (like ZoneAlarm) where the firewall keeps track of the application sending the packets. I did a quick search of my site and I turned up one candidate- FieryFilter. I did see references to something called Pyrewall; however, I couldn't quickly find any code to download. I've never tried either one so I can't speak as to how well they work.