Yep, that's correct Papa - at present Firestarter can't filter by application - however, what users can do to set up a fairly tight/restrictive firewall with Firestarter is to:
* Drop all incoming connections
* Drop all outgoing connections with the restrictive policy - then - manually augment this outbound policy by explicitly allowing outbound connections to the ports of your choice ie - 21 25 53 80 110 443 etc, etc (for example - obviously you can choose what ports you want here)
Obviously - we're not filtering by application here ....... and rogue code could in theory make outgoing connections to those allowed ports......., but it's a good start, and it's certainly something that some desktop Linux users are probably not currently aware of (the concept, that is)
BTW - doesn't IPtables itself have a "rarely-used" "rarely heard-of" module/extension that facilitates filtering by application ??? - from what I've heard, it does - it's poorly documented though and there's very little information on it (on the web) from what I've heard - has anyone else heard about this?