You'll want to use the iptables owner module and perhaps some clever packet combinations.
owner
    This module attempts to match various characteristics of the packet creator, for locally-generated packets. It is only valid in the OUTPUT chain, and even then some packets (such as ICMP ping responses) may have no owner, and hence never match.

    --uid-owner userid
        Matches if the packet was created by a process with the given effective (numerical) user id.

    --gid-owner groupid
        Matches if the packet was created by a process with the given effective (numerical) group id.

    --pid-owner processid
        Matches if the packet was created by a process with the given process id.

    --sid-owner sessionid
        Matches if the packet was created by a process in the given session group.
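As an added example (not part of the original answer), the script below builds OUTPUT-chain rules that restrict one local account's outbound traffic with `--uid-owner`. The function names and the uid and port passed on the command line are assumptions for illustration; it prints the rules unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example: per-user egress rules using the owner match.
# Function names and arguments are hypothetical, not from the original page.

# Resolve a user name or numeric id to the numeric uid that --uid-owner expects.
resolve_uid() {
    case "$1" in
        ''|*[!0-9]*) id -u "$1" 2>/dev/null ;;  # name -> uid; fails if unknown
        *) printf '%s\n' "$1" ;;                # already numeric
    esac
}

# Print iptables commands limiting one user's outbound traffic.
# $1 = user name or uid, $2 = the only allowed destination TCP port
owner_egress_rules() {
    uid=$(resolve_uid "$1") || return 1
    [ -n "$uid" ] || return 1
    case "$2" in ''|*[!0-9]*) return 1 ;; esac   # port must be digits only
    # The owner match is only valid in OUTPUT (locally generated packets).
    printf 'iptables -A OUTPUT -o lo -m owner --uid-owner %s -j ACCEPT\n' "$uid"
    printf 'iptables -A OUTPUT -p tcp --dport %s -m owner --uid-owner %s -j ACCEPT\n' "$2" "$uid"
    # Packets with no owner never match this rule, so they are not
    # rejected here and must be handled by other rules or the chain policy.
    printf 'iptables -A OUTPUT -m owner --uid-owner %s -j REJECT\n' "$uid"
}

# Dry run by default; APPLY=1 executes each rule (requires root).
apply_rules() {
    rules=$(owner_egress_rules "$@") || return 1
    printf '%s\n' "$rules" | while IFS= read -r rule; do
        if [ "${APPLY:-0}" = 1 ]; then $rule; else printf '%s\n' "$rule"; fi
    done
}

# Usage: script.sh <user-or-uid> <port>
if [ "$#" -ge 2 ]; then apply_rules "$1" "$2"; fi
```

Rule order matters: the two ACCEPT rules must precede the REJECT, since iptables stops at the first matching terminating target.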