Comment Re:Something like Zonealarm for linux? (Score 1) 225
The idea of dynamically adding rules to iptables is appealing. This is an application-level filter, effectively, and it can't as such mangle packets or silently drop them as iptables can. Nor can it do half of the other neat stuff that iptables does.
The poster below suggested making this a module of iptables, but I don't think that would be particularly easy, as iptables would have trouble causing the applications themselves to block - the packet has long since been disassociated from its sender. I think, though, that it would make a useful partner to iptables. The ideal would be to have something like 'deny all' as your basic firewall setup, and let this punch the requisite holes as your applications bind sockets. I've yet to discover, though, how this might affect performance.
As for adding it as a project, I'm considering it. There's an awfully long list of firewall projects on freshmeat, but none of them seem to do quite what this does, so it might be worth a go.
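The 'deny all, then punch holes as applications bind sockets' setup described in the comment above, as an added example that is not the commenter's code or any existing project's. It reads the kernel's `/proc/net/tcp` listing (a constructed sample is embedded so it runs offline), keeps only sockets in LISTEN state that are not bound to loopback, and computes the iptables commands needed to move the INPUT chain from its current allow-list to the one the listening sockets imply. The loopback encoding `0100007F`, the column layout and the rule shapes are assumptions about a typical little-endian Linux host; actually running the generated commands (and polling or otherwise watching for new binds) is left to the caller.

```python
"""Default-deny INPUT chain plus per-port holes derived from listening sockets."""

# Constructed sample in /proc/net/tcp format (not real output from any host):
# sshd on 22, a web server on 8080, a loopback-only listener on 3306, and one
# ESTABLISHED connection that must not produce a rule.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12346 1 0000000000000000 100 0 0 10 0
   2: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   999        0 12348 1 0000000000000000 100 0 0 10 0
   3: 0100007F:1F90 0100007F:C3A2 01 00000000:00000000 00:00000000 00000000  1000        0 12347 1 0000000000000000 20 4 30 10 -1
"""

TCP_LISTEN = 0x0A          # value of the 'st' column for a LISTEN socket
LOOPBACK_HEX = "0100007F"  # 127.0.0.1 as shown by /proc/net/tcp (assumed little-endian host)


def listening_ports(proc_net_tcp: str) -> set:
    """Return the local TCP ports in LISTEN state on non-loopback addresses.

    Loopback-only listeners are excluded: the baseline rules already accept
    everything on 'lo', so they need no hole in INPUT.
    """
    ports = set()
    for line in proc_net_tcp.splitlines()[1:]:  # first row is the header
        fields = line.split()
        if len(fields) < 4:
            continue
        local, state = fields[1], fields[3]
        addr_hex, port_hex = local.split(":")
        if int(state, 16) != TCP_LISTEN or addr_hex == LOOPBACK_HEX:
            continue
        ports.add(int(port_hex, 16))
    return ports


def baseline_rules(chain: str = "INPUT") -> list:
    """Default-deny policy that still allows loopback and reply traffic,
    so local IPC and outbound connections keep working."""
    return [
        f"iptables -P {chain} DROP",
        f"iptables -A {chain} -i lo -j ACCEPT",
        f"iptables -A {chain} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]


def reconcile(current: set, wanted: set, chain: str = "INPUT") -> list:
    """Commands that close holes for ports no longer listened on and open
    holes for newly bound ports. Deletions come first so a port that is
    re-bound never ends up with a duplicate ACCEPT rule."""
    cmds = []
    for port in sorted(current - wanted):
        cmds.append(f"iptables -D {chain} -p tcp --dport {port} -j ACCEPT")
    for port in sorted(wanted - current):
        cmds.append(f"iptables -A {chain} -p tcp --dport {port} -j ACCEPT")
    return cmds


if __name__ == "__main__":
    # One reconciliation pass: pretend 22 and 443 are currently allowed.
    wanted = listening_ports(SAMPLE_PROC_NET_TCP)
    for cmd in baseline_rules() + reconcile({22, 443}, wanted):
        print(cmd)
```

Note that a hole opened this way is keyed on the port, not on the process that bound it; the commenter's point about the packet being disassociated from its sender is exactly why the filter cannot make the application block and has to settle for per-port rules in the chain.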