ZA or similar programs are no good examples for firewalls. Netfilter is a packet-filter, and quite a good one, nothing more, nothing less. If you don't want a particular software to communicate via the network, deny execution of the software. Reading the manpage of chmod should offer help. If you are uncertain whether you can trust a Linux application, read the source code of it. Apart from that a packet filter acting as a separate device never can have even the slightest clue which application on another machine has created a certain packet.
The mechanisms of comminication between applications (and kernel) in Windows and Linux are totally different.
Windows internals are irrelevant in a Linux environment.