Hello,
since I am fairly new to iptables, this may be old news to many of the gurus
here. Consider it some food for thought.
Since one can create rules that limit quantity of packages (say) per second,
one could use this feature to limit [in|out]bound traffic from EVERY port
(except specific ones).
The idea would be to block the downloading of big files/too much information,
from non-permited services.
Maybe something like: permit any quantity for HTTP, FTP, SMTP/POP (for email
attachments), SSH (for sftp), (others?), and limit every other traffic to a
reasonable quantity per [sec|min|...].
However, I heard of people having crashing problems when limiting amount of
ssh connections, in some kernel version. Aparently some sort of memory leak.
It may very well be fixed by now, but I never really looked into it, since I
resorted to userspace scripts for the job (in my case, I use fail2ban to
limit ssh connections).