Firewalld
From Ju's wiki
GID restrictions for e.g. VPN
<?xml version="1.0" encoding="utf-8"?>
<direct>
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-m owner --gid-owner 1234 -o lo -j ACCEPT</rule>
<rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-m owner --gid-owner 1234 '!' -o tun0 -j REJECT</rule>
<rule ipv="ipv6" table="filter" chain="OUTPUT" priority="0">-m owner --gid-owner 1234 -o lo -j ACCEPT</rule>
<rule ipv="ipv6" table="filter" chain="OUTPUT" priority="1">-m owner --gid-owner 1234 '!' -o tun0 -j REJECT</rule>
</direct>