> blocking or sandboxing... programs is out of scope for picosnitch

This is reasonable. Can someone recommend a tool (preferably in the Ubuntu repos) for doing that?

I use opensnitch, which is mentioned above as well. https://github.com/evilsocket/opensnitch