Ask per connection attempt?

Is there any way to be prompted (and potentially remember) EACH connection attempt? Not each application; each connection.

E.g., say my browser tries to connect to hostile.ip, and I want to block THAT connection, but not ALL connections from my browser…

Put your firewall’s alert settings to very high that way you will be alerted for each port and IP address.

Or if you have a limited set of IP addresses you can add them to My Blocked Network Zones. When you want to block big amounts of IP addresses its better to try a tool like Peerblock.