alt Hacker NewsCould you provide more details? Many applications use multiple processes, and use some intermittently. It seems like quite a bit of work to enumerate every process used and then to keep the white/blacklist updated as usage and software changes - every new application or command you use, every update, every OS change that affects networking or system calls etc ...
Yes, with security comes inconvenience, this is inevitable.
I'm not a daily user of network namespaces, and would probably write a script to do the configuration within a shell (it works a bit like containers). The configuration is inherited by child processes, so you only have to do it once. Basically whitelist the urls you typically use, and maybe let the script popup a dialog asking you to allow access when the firewall catches a domain that is not in the whitelist yet.