Iptables has an owner match that you can use to place restrictions on your users access to the network.
$ /sbin/iptables -m owner -h
...
OWNER match v1.2.8 options:
[!] --uid-owner userid Match local uid
[!] --gid-owner groupid Match local gid
[!] --pid-owner processid Match local pid
[!] --sid-owner sessionid Match local sid
[!] --cmd-owner name Match local command name
Since Mandrake uses shorewall it might be helpful for you to take a look at
http://www.shorewall.net/UserSets.html.
Could you post more information about what firewall configuration you are using?