Policy-based Routing based on user

Hi,

Is it possible to tag and route packets based on the originating user?

I was attempting to replicate the Linux iptables tagging and routing like:
iptables -t mangle -A OUTPUT ! --dest $LOCALIP -m owner --uid-owner $VPNUSER -j MARK --set-mark 0x1
ip rule add from all fwmark 0x1 lookup $VPNUSER
ip route replace default via $GATEWAYIP table $VPNUSER

Thanks.
 
You can't do policy routing on traffic that originates on the host itself because of certain limitations on the integration of routing and packet filter hooks in the kernel. The best you can do is use multiple FIBs (setfib(1)).
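
An added example, not part of the thread: a sketch of the multi-FIB setup the reply points to, assuming FreeBSD (where setfib(1) lives) with `net.fibs` raised above 1. The function name `vpn_fib_plan` and the sample user, gateway and FIB values are constructed; the function only prints the commands, after validating inputs that are destined for a root shell.

```shell
#!/bin/sh
# Added example: print (not run) the FreeBSD commands that give one user's
# session its own default route in a separate FIB. Review, then run as root.

# vpn_fib_plan USER GATEWAY FIB NFIBS
# NFIBS is the output of `sysctl -n net.fibs` on the target host.
vpn_fib_plan() {
    user=$1 gw=$2 fib=$3 nfibs=$4

    # Reject anything that is not a plain account name.
    case $user in
        ''|*[!a-z0-9_-]*) echo "bad user: $user" >&2; return 1 ;;
    esac
    # FIB and NFIBS must both be non-empty decimal numbers.
    case "$fib:$nfibs" in
        *[!0-9:]*|:*|*:) echo "bad fib/nfibs: $fib/$nfibs" >&2; return 1 ;;
    esac
    # FIB 0 is the default table; valid extra tables are 1..NFIBS-1.
    if [ "$fib" -lt 1 ] || [ "$fib" -ge "$nfibs" ]; then
        echo "fib $fib outside 1..$((nfibs - 1)); raise net.fibs" >&2; return 1
    fi
    # Gateway: dotted-quad IPv4 only in this sketch.
    case $gw in
        *[!0-9.]*|*..*|.*|*.) echo "bad gateway: $gw" >&2; return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $gw; IFS=$old_ifs
    [ $# -eq 4 ] || { echo "bad gateway: $gw" >&2; return 1; }
    for octet in "$@"; do
        [ "$octet" -le 255 ] || { echo "bad gateway: $gw" >&2; return 1; }
    done

    # Counterpart of `ip route replace default via $GATEWAYIP table $VPNUSER`.
    echo "setfib $fib route add default $gw"
    # Counterpart of the owner match: the FIB is inherited by child processes,
    # so the user's session has to be started under setfib.
    echo "setfib $fib su -l $user"
}

vpn_fib_plan vpnuser 10.8.0.1 1 2   # constructed sample values
```

Unlike the `--uid-owner` match, the FIB binding applies only to processes launched under `setfib`; anything the same user starts another way (cron, a separate login) still uses FIB 0 and its default route.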
 