Well, there is the owner match:
owner
This module attempts to match various characteristics of the packet creator, for locally-generated packets.
--uid-owner userid
Matches if the packet was created by a process with the given effective user id.
--gid-owner groupid
Matches if the packet was created by a process with the given effective group id.
--pid-owner processid
Matches if the packet was created by a process with the given process id.
--sid-owner sessionid
Matches if the packet was created by a process in the given session group.
--cmd-owner name
Matches if the packet was created by a process with the given command name. (this option is present only if
iptables was compiled under a kernel supporting this feature)
This may not be as powerful as the equivalent on Windows. But I am not a fan of per-application / per-process firewall rules. That is something Windows needs ;)
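As an added example (not part of the original answer or the iptables documentation), this script generates an `iptables-restore` fragment that uses the `--uid-owner` match quoted above to limit one local account to a single outbound port. The function name, the `EGRESS-<uid>` chain name and the sample arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original answer): build an iptables-restore
# fragment that confines one local account's outbound traffic with the
# owner match. Only --uid-owner is used; the chain name EGRESS-<uid> and
# the sample arguments at the bottom are constructed for illustration.

# owner_egress_rules USER PROTO PORT
# Prints the ruleset on stdout; returns 1 on an unknown user, a protocol
# other than tcp/udp, or a port outside 1-65535.
owner_egress_rules() {
    user=$1; proto=$2; port=$3

    # Resolve the name to a numeric uid once, so the generated rules
    # state exactly which uid they match.
    uid=$(id -u "$user" 2>/dev/null) || {
        echo "unknown user: $user" >&2; return 1; }

    case $proto in
        tcp|udp) ;;
        *) echo "unsupported protocol: $proto" >&2; return 1 ;;
    esac

    # Reject empty, non-numeric and over-long values before comparing.
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi

    # The owner match only sees locally generated packets, so it is
    # applied in OUTPUT; packets from every other uid skip the chain.
    cat <<EOF
*filter
:EGRESS-$uid - [0:0]
-A OUTPUT -m owner --uid-owner $uid -j EGRESS-$uid
-A EGRESS-$uid -o lo -j RETURN
-A EGRESS-$uid -m conntrack --ctstate ESTABLISHED,RELATED -j RETURN
-A EGRESS-$uid -p $proto --dport $port -j RETURN
-A EGRESS-$uid -j REJECT
COMMIT
EOF
}

# Constructed sample run: print the rules for root, TCP port 443.
owner_egress_rules "${1:-root}" "${2:-tcp}" "${3:-443}"
```

Check the output with `iptables-restore --test --noflush` before loading it; without `--noflush` the restore replaces the whole filter table.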