Edit: Looks like that only matches the process "task command name", so it probably won't work for full paths. I guess that's why they use their own kernel module?
Edit2: Never mind. That feature disappeared with 2.6.14, 10 years ago: https://lists.netfilter.org/pipermail/netfilter/2007-January...