-m owner and INPUT chain

[Ernest Davnis <mark@renton.name>]

Hi,

I've got a problem which i can't solve with the help of Linux. The
problem is such:
there's a server with many shell accounts, i have to check what
incoming/outcoming traffic generate these users.
No problem with outgoing traff:

iptables -D OUTPUT -m owner --uid-owner 500 -p all -j ACCEPT
but it's said in man iptables:

owner
This module attempts to match various characteristics of the
packet creator,  for  locally-generated  packets.
It  is  only  valid  in the OUTPUT chain, and even this
some packets (such as ICMP ping responses) may have no
owner, and hence never match.

It means that I can't use owner module for INPUT chain
I've also found a patch:
http://svn.netfilter.org/cgi-bin/viewcvs.cgi/branches/patch-o-matic-ng/linux-2.6.11/owner-socketlookup/
but i can't make it work on linux kernel 2.6.20+, as there's a
difference in tcp.h, udp.h and etc or anything else that
I don't know.

Using FreeBSD to solve such a problem is the following:
# ipfw add ip from any to me in uid 500
# ipfw add ip from me to any out uid 500

Can I make smth similar on Linux?

-- 
BRGDS. Ernest Davnis.