Isn't Little Snitch essentially an interactive firewall? Rather than silently denying/allowing traffic, it needs the user's decision until a connection is white/black listed? Why would this not be allowed on Linux? (other than the app doesn't exist, yet)
However, if you allow everything to 80/443, the extensions would still be able to connect to their servers. Maybe the browsers should add the ability to allow/deny connections per extension.
Every once in a while something comes up trying to be 'Little Snitch for Linux' but none has survived AFAIK, To be honest one of the reasons I use macOS is for LS and I've heard few others say that too. But now since macOS is bypassing LS or limiting its function or to put it simply doing weird network stuff I'm planning to get back to Linux.
This is entirely possible. Either by isolating the application into a network namespace (e.g. via firejail or systemd units), with selinux labels, running the process under a custom gid and various other mechanisms.
I have not done that on a desktop but seen it on servers with selinux, each service we added had to be labeled properly to get network access, one extra line in the deployment script. I'm not aware of an GUI tools though, if that's what you're asking. I think that's also the approach android uses to enforce app permissions, they obviously have a gui but that doesn't integrate with normal desktop environments.
I wish I could block per-app connections on Linux like Little Snitch appear to allow on Mac.