I just found FireyFilter today. It's an act-alike to the Windows personal firewalls that will show you both the inside and outside view, controlling connections from both ends. Quite impressive really.
I'd want a few things to be fixed with it though:
* DNS lookups in a separate thread so that it doesn't hang the UI when trying to look up the host of my DNS server... erm... ;)
* Instant apply of rules when you create them based on actions.
* Ability to filter based on interface without setting in/out direction.
* Lookup of user & application name.
Actually, I'd probably prefer to have a fairly simple netfilter firewall, and use an interactive ACL control like Systrace for the "allow this app to connect to..." sort of things. However, the Systrace GUI... erm... needs love.
I've been peeking at grsecurity, LIDS and SELinux. However, none of them seem to have an interactive rules generator with a GUI, which makes me uninclined to use them.