I've finally got myself focusing on project work, rather than randomly surfing the net and being constantly distracted by tangential things. (It seems to be a summer thing.)
So now, I've actually started real work on my Pyrewall project. Basically it's a personal firewall for Linux. I'm aiming to develop something like ZoneAlarm, only with a better interface (ZA has some nice features, but the UI sucks IMHO).
I'm taking firewall rules from the O'Reilly book "Building Internet Firewalls", and writing them in a new spec language to actually make them readable. I considered XML, but it was a PITA to write in, and shell scripts that call ipchains are too low level. So basically I've designed a high-level firewall specification language. I've now written a parser for it, and I'm about to hook it up to some Python code.
I've also written a kernel module which does rule-based validation of socket calls. It hooks into the socket syscall and intercepts calls to connect() and listen(), and will refuse or allow based on the rules (which are currently hardcoded for testing). Then I obviously have to hook up the front end rules and the back end kernel module, which is the subject of my current research. I'm looking at using something like netlink currently.
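To make the "rule-based validation of socket calls" concrete, here is an added sketch of the decision logic such a module applies to each intercepted connect() or listen(): an ordered rule list, first match wins, anything unmatched refused. This is not Pyrewall's code and not its spec language (which isn't shown here); the rule fields, program paths and sample rules are assumptions, hardcoded the way the post says the module's test rules currently are.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Hypothetical rule shape, not the real Pyrewall spec language.
@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    call: str                       # "connect" or "listen"
    program: Optional[str] = None   # path of the calling program, None = any
    remote: Optional[str] = None    # CIDR the connect() target must fall in, None = any
    port: Optional[int] = None      # remote port for connect(), local port for listen(), None = any

@dataclass(frozen=True)
class SocketCall:
    call: str       # which syscall was intercepted
    program: str    # path of the process making it
    addr: str       # remote address for connect(), bound address for listen()
    port: int

# Constructed test rule set; in the real design this would come from the parsed spec.
RULES = [
    Rule("allow", "connect", program="/usr/bin/ssh", port=22),
    Rule("allow", "connect", remote="192.168.1.0/24"),          # LAN is trusted
    Rule("deny",  "connect", remote="0.0.0.0/0", port=25),      # no outbound SMTP elsewhere
    Rule("allow", "connect", program="/usr/bin/mozilla", port=80),
    Rule("allow", "listen",  program="/usr/sbin/sshd", port=22),
]

def matches(rule: Rule, req: SocketCall) -> bool:
    """True when every field the rule constrains agrees with the request."""
    if rule.call != req.call:
        return False
    if rule.program is not None and rule.program != req.program:
        return False
    if rule.port is not None and rule.port != req.port:
        return False
    if rule.remote is not None:
        if ipaddress.ip_address(req.addr) not in ipaddress.ip_network(rule.remote):
            return False
    return True

def decide(req: SocketCall, rules=RULES) -> str:
    """First matching rule wins; an unmatched call is refused (default deny)."""
    for rule in rules:
        if matches(rule, req):
            return rule.action
    return "deny"
```

Rule order matters: the LAN allow precedes the SMTP deny, so a connect() to 192.168.1.5:25 is allowed while the same port anywhere else is refused.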
I should really start posting some code - I've got a SourceForge project and I've registered a domain. Now there's actually some code there, I'm going to do the "publish early and often" thing...