Application-wise network filtering on Linux?
Recently I was asked if Linux supports application-wise network filters. Despite the debatable sense behind such a function I was interested in the technical possibilities and current implementations. It turned out that there is no currently active project atm.
Application-wise network filtering is a controversial topic: in Windows such frameworks are quite common (ZoneAlarm, Norton Internet Security) and are the nightmare of every Help Desk. Additionally they are designed to interact with the user who most often has no idea - and they tend to spread fear among the users to show how “effective” they are while there is nothing to fear.
So I searched a bit for existing implementations. It turned out there are three projects which once tried to implement this task together with a handy GUI: Systrace, Tuxguardian and Program Guard.