On Linux there is OpenSnitch that does its job nicely, although I experienced some occasional desktop slowdowns even after training it to open everything for trusted programs.

https://github.com/evilsocket/opensnitch

I still recall the old days of Windows when I tried Kerio Personal Firewall and realized how much software already phoned home two decades ago. That was the last wake-up call that pushed me into getting rid of closed source software, possibly also hardware, especially when they connect to the internet.

Keep in mind, OpenSnitch is Linux-based and none of the Linux firewalls can filter incoming packets by process ID like macOS/FreeBSD (Lil'Snitch) can.

I think iptables was supposed to be able to do this, right?

https://linux.die.net/man/8/iptables

    --pid-owner processid
        Matches if the packet was created by a process with the given process id.

But I was disappointed by the note:

> NOTE: pid, sid and command matching are broken on SMP

The owner module can control outbound communication by uid/gid. [1] There are no modules to handle things by PID AFAIK. This can however be accomplished by SELinux and Apparmor custom rules but that is a loaded topic.

Firejail [2] and Bubblewrap [3] can put limits on application capabilities and/or take away network access. Firejail has default policies for many applications, all of which can be overridden by user configurations in their home directory. Firejail leverages Linux Capabilities and AppArmor. For example, when I launch VLC even if it were configured to pull down album information, it could not. If one day they added default-enabled telemetry to VLC it would go nowhere.

A roundabout and heavy-handed way to manage communications by PID would be to isolate applications in their own VM or container and map the VM or container to a unique user or group.

[1] - https://ipset.netfilter.org/iptables-extensions.man.html

[2] - https://github.com/netblue30/firejail

[3] - https://github.com/containers/bubblewrap
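As an added example (not code from any commenter in this thread), here is the uid-per-application approach from the comment above put together in shell: the application gets its own user, the iptables owner match filters that uid's outbound traffic (PID matching is avoided because the man page marks it broken), and bubblewrap or Firejail removes the network entirely when the program needs none. The user name "vlc-sandbox", the permitted destination 127.0.0.1:3128 and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: confine one application's egress by
# running it as a dedicated uid and matching that uid with the iptables
# "owner" module. The owner match only applies to locally generated packets
# (OUTPUT/POSTROUTING chains), which is exactly the "phoning home" case.
# Assumed names: user "vlc-sandbox", one permitted destination (a local proxy).

# Emit the iptables commands that confine one uid's outbound traffic.
# $1 = dedicated username, $2 = allowed destination IP, $3 = allowed TCP port
owner_rules() {
    user="$1"; dst="$2"; port="$3"
    # Only the single destination is permitted for this uid.
    echo "iptables -A OUTPUT -m owner --uid-owner $user -d $dst -p tcp --dport $port -j ACCEPT"
    # Log the attempt before dropping: the log line is what reveals new telemetry.
    echo "iptables -A OUTPUT -m owner --uid-owner $user -j LOG --log-prefix \"egress-deny $user: \""
    echo "iptables -A OUTPUT -m owner --uid-owner $user -j DROP"
}

# Apply the rules when running as root; otherwise print them as a dry run.
apply_rules() {
    if [ "$(id -u)" -eq 0 ]; then
        owner_rules "$@" | sh -e
    else
        echo "# not root, dry run:" >&2
        owner_rules "$@"
    fi
}

# Launch the application under the confined uid so the owner rules apply.
# $1 = dedicated username, remaining args = command line
run_confined() {
    user="$1"; shift
    sudo -u "$user" -- "$@"
}

# For a program that needs no network at all, take it away instead of
# filtering it: a fresh network namespace has no interfaces but loopback.
run_offline() {
    bwrap --ro-bind / / --dev /dev --proc /proc --unshare-net -- "$@"
    # Equivalent with Firejail: firejail --net=none -- "$@"
}

# Usage (as root):
#   apply_rules vlc-sandbox 127.0.0.1 3128
#   run_confined vlc-sandbox vlc
# Or, with no network needed at all:
#   run_offline vlc
```

Check the result from a second terminal with `iptables -L OUTPUT -v -n` (the packet counters on the DROP rule climb whenever the program tries something new) and `journalctl -k | grep egress-deny` for the destinations it attempted.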