I can set the processes to run under special UIDs and use the technique from this SF answer:
-A OUTPUT -m owner --uid-owner 400 -j DROP
...But are there any other ways to blacklist based on the PID or its parent's PID without setting up new user accounts?
EDIT:
A possible duplicate of Block network access of a process?
EDIT #2:
unshare -n doesn't work on CentOS/RHEL 6.5, since the kernel is compiled without CONFIG_NET_NS=Y.
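The check behind EDIT #2, as an added example that is not part of the original question: it reads a kernel config file for CONFIG_NET_NS and picks between `unshare -n` and the `--uid-owner` rule quoted above. The function names are hypothetical, and the config file location (for example `/boot/config-$(uname -r)`) is an assumption about the host.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the original post.

# Return 0 if the kernel config file enables network namespaces,
# 1 if it does not, 2 if the file cannot be read (status unknown).
# Kernel configs write enabled options as "CONFIG_X=y" and disabled
# ones as "# CONFIG_X is not set".
net_ns_enabled() {
    cfg=$1
    [ -r "$cfg" ] || return 2
    grep -q '^CONFIG_NET_NS=y$' "$cfg"
}

# Print the command that cuts a process off from the network.
#   $1 = kernel config file (assumed path, e.g. /boot/config-$(uname -r))
#   $2 = dedicated numeric UID used by the iptables fallback
#   $3... = the command that should run without network access
# When namespaces are missing or the config is unreadable, fall back to
# the owner-match rule, which requires running the command under that UID.
isolation_command() {
    cfg=$1; uid=$2; shift 2
    case $uid in
        ''|*[!0-9]*) echo "invalid uid: $uid" >&2; return 64 ;;
    esac
    if net_ns_enabled "$cfg"; then
        echo "unshare -n $*"
    else
        echo "iptables -A OUTPUT -m owner --uid-owner $uid -j DROP"
    fi
}

# Usage (prints the command, does not execute it):
#   isolation_command "/boot/config-$(uname -r)" 400 ./untrusted-job
```

The function only prints the chosen command, so it can be reviewed before anything is run as root.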