Tritonio

Create iptables rule per process/service

Mar 15th, 2021
It looks like the owner iptables module is what you want. First, check if it's available on your system:

iptables -m owner --help

You can read more here: http://www.frozentux.net/iptables-tutorial/iptables-tutorial.html#OWNERMATCH

Owner only allows you to match on the user or group that owns the process, not the process name itself. (The cmd-owner flag appears to have been removed.) – Mike Lundy Jun 1 '12 at 22:10

@MikeLundy: Add a group to your system (I use nonet myself), then add a rule to your output chain like this: -A OUTPUT -m owner --gid-owner nonet -j REJECT --reject-with icmp-net-unreachable. Run the program for which you know in advance that you want to block with sg (sg nonet "your_prog your_args").
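The group-based approach from the comment above, as an added example that is not part of the pasted answer or its comments: a small POSIX shell script that creates the nonet group if needed, appends the owner-match REJECT rule only when it is not already present (so repeated runs do not stack duplicate rules), and launches a program under that group with sg(1). The group name nonet comes from the comment; the function names and the DRY_RUN switch are assumptions of this example. Two caveats a practitioner will want: the owner match is only valid in the OUTPUT and POSTROUTING chains (locally generated packets), so it cannot filter inbound traffic per process, and sg will only switch to the group for root or for a user who is a member of it.

```shell
#!/bin/sh
# Added example (not from the pasted answer): block outbound traffic for any
# process run under a dedicated group, using the iptables owner match.
# Real use needs root; with DRY_RUN=1 every privileged command is printed
# instead of executed, so the logic can be inspected on any machine.

# Rule spec (everything after the -A/-C/-D action) so the same spec can be
# used to check, append or delete the rule.
nonet_rule_spec() {
    printf '%s' "OUTPUT -m owner --gid-owner $1 -j REJECT --reject-with icmp-net-unreachable"
}

# Execute a command, or just print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Create the group only if it does not exist yet (groupadd fails otherwise).
ensure_group() {
    getent group "$1" >/dev/null 2>&1 || run groupadd "$1"
}

# Append the reject rule only if it is absent: iptables -C returns non-zero
# when no matching rule exists, so the rule is added at most once.
ensure_rule() {
    spec=$(nonet_rule_spec "$1")
    # shellcheck disable=SC2086  # word splitting of $spec is intended
    if ! iptables -C $spec 2>/dev/null; then
        run iptables -A $spec
    fi
}

# Launch a program with the given group as its primary group via sg(1),
# the equivalent of the comment's: sg nonet "your_prog your_args"
nonet_exec() {
    group=$1
    shift
    run sg "$group" -c "$*"
}

# One-shot helper: set everything up, then run the program without network.
# Usage (as root): nonet_run nonet curl https://example.com
nonet_run() {
    group=$1
    shift
    ensure_group "$group"
    ensure_rule "$group"
    nonet_exec "$group" "$@"
}
```

Source the file and call nonet_run nonet your_prog your_args as root; a quick sanity check afterwards is iptables -L OUTPUT -v -n, where the REJECT rule's packet counter should climb while the wrapped program tries to connect. Note that the match is on the group owning the socket, so a program that changes its own group (setgid binaries, daemons that drop privileges) is not covered by this rule.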