You can filter ports on the local machine by user with iptables using something like this:
iptables -A OUTPUT -p tcp --dport 1234 -d localhost -m owner ! --uid-owner root -j REJECT
Will restrict port 1234 on localhost to only be accessible by root.
Found at Paranoid Penguin: Using iptables for Local Security.
