Hi. First of all, sorry for my English )
For a long time I have been looking for app-layer firewall functionality in Linux, but still have no appropriate results. The grsec ACL system has such an implementation, where I can easily grant access for any app to interact with the network. I found it extremely useful. However, creating a _full_ ACL for the system is not exactly what I would like to see. Maybe it is possible to create another ACL system feature, with the only aim to control network activity? Another ACL file with network policy.