Restrict network access for specific user


I would like to restrict network access for a specific user. I am used to configure iptables (Ubuntu), so please excuse this simple question.

How can I restrict all network access for a specific user?

First, I set the iptables rule: iptables -A OUTPUT -m owner --uid-owner 1002 -j REJECT
This blocks all network access for this user. Then I installed iptables-services and saved my iptables rules with iptables-save > /etc/sysconfig/iptables and ip6tables-save > /etc/sysconfig/ip6tables

However, after restart, the rules do net get applied automatically. I then read that Fedora is using firewalld.

Is there a simple way to block this user with firewalld or do I need to rely on iptables (and therefore do something else to make it applying my rules automatically?

FW_UID="$(id -u test)"
sudo firewall-cmd --permanent --direct --add-rule ipv4 filter \
    OUTPUT 0 ! -o lo -m owner --uid-owner ${FW_UID} -j REJECT
sudo firewall-cmd --permanent --direct --add-rule ipv6 filter \
    OUTPUT 0 ! -o lo -m owner --uid-owner ${FW_UID} -j REJECT
sudo firewall-cmd --reload

firewall-cmd: firewalld command line client | firewalld Commands | Man Pages | ManKier

Thank you very much! Exactly what I was looking for.

Does that only works if the firewalld backend is iptables?
Isn’t the default nftables?

This also works for the nftables backend which is used by default.