using iptables, can i prevent some selected applications to access internet?
or can i do it using some other security tool?

i know about the incomming traffic firewall (or hosts.deny, hosts.allow), if i have deamon, such as webserver, ftp or ssh, but my problem is turned around - accessing internet from within should be denied.

for example, i would like to prevent openoffice accessing internet.
can i select, that only gaim, akregator, konqueror and yum are allowed to access internet (eth0), without writing my own kernel module?

Guarddog is a firewall app that uses IPtables but can block individual apps from the net, i didn't like it that much, i use firestarter, but you might

http://www.simonzone.com/software/guarddog/

thanks for answering, i didn't know about guarddog, i'll put it to use at some later time, it looks great.

as i've understood, guarddog supports only protocol-level firewall, not application-level (e.g. bound to PID or command name).

i like the firestarter app... it even acts as IDS.

is it possible to restrain internet access using application names, such as inetd services in hosts.deny, where i can specify IP's for sshd different from httpd.
there is only one "/usr/bin/konqueror", and could i restrain my internet access rule to this command name? perhaps, can i use SElinux to specify something like that?

once again: i would like to specify applications, that can access internet. they could all just access port 80, using http protocol, so using protocol they are indistinctable.