dynamic firewall

hi, someones know if exis a dynamic firewall for linux?
i mean, a firewall (or tool) that ask me if an application can come out (or
in) from my pc.
in other words a firewall that act like zone alarm for windows.

User wrote:

> hi, someones know if exis a dynamic firewall for linux?
> i mean, a firewall (or tool) that ask me if an application can come out
> (or in) from my pc.
> in other words a firewall that act like zone alarm for windows.

A firewall in *nix preferrably doesn't run on a application server or
desktop,
so it (basically) can have no clue about the application running on a host
inside the local lan sending out that particular packet. Well, there is some
regexp matching for packet signatures, but it will take much effort and ...
guess, give little benefit except for special cases.
Now zonealarm and the other common "desktop firewalls" tend to make a user
think he is safe from trojans and spyware, while the real spyware uses
common internet explorer libraries to get out ... or even installs tools to
completely bypass the "firewall". That's again a reason why a *nix firewall
should not run any applications or other unnecessary services (because they
might be exploitable).
--
Longhorn error#4711: TCPA / NGSCP VIOLATION: Microsoft optical mouse
detected penguin patterns on mousepad. Partition scan in progress
*to*remove*offending*incompatible*products.**React ivate*MS*software.
Linux woodpecker.homnet.at 2.6.12-mm2[LinuxCounter#295241,ICQ#4918962]