On mainline Linux SELinux can be used for this sort of thing. You can either block applications from opening certain network connections straight away, or you can use SELinux in conjunction with netfilter/iptables to filter traffic coming from certain applications. This is very powerful tool, but as always with selinux it's not exactly simple to configure.