Nodes in MANETs lack the protection offered by firewalls in infrastructure-based networks because malicious nodes can roam into the vicinity of another node and start launching attacks. This paper presents a distributed mechanism that allows trusted nodes to create protected networks in MANETs. A protected network is created to run a specific application and enforce a common network access control policy associated with that application. To become a member in the protected network, a node has to demonstrate its trustworthiness by proving its ability to enforce policies. Attacks from untrusted nodes are impossible because these nodes are not allowed to establish wireless links with member nodes. Attacks from member nodes are stopped at the originators by the network policy. The trusted execution of all programs involved in policy enforcement is guaranteed by a kernel agent. We demonstrate the correctness of our solution through security analysis and its feasibility through a prototype implementation tested over an IEEE 802.11 ad hoc network.