I am not sure if it would be what you want, but what about piping
everything through squid?

It would seem to me that you would have much more control over the
HTTP, HTTPS and FTP sessions and you can also then block any traffic
that does not use the proxy.

On 4/14/06, Jay Austad <austad at signal15.com> wrote:
> A friend of mine, also a member of this list, is in Iraq and obtained
> a satellite connection.  He's providing wireless connectivity for the
> people on the base, and is using an iDirect Netmodem II satellite
> modem.  Unfortunately, this device has a 1024 session limit, and if
> this limit is exceeded, the thing crashes.  It's a known issue, and
> iDirect has not fixed it yet.
>
> Behind this thing, he's got a linux firewall doing NAT for everyone
> behind it.  He's blocking P2P, and other things that take up massive
> amounts of sessions, but he's got quite a few HTTP sessions that just
> hang open doing nothing.  Is there a way to force the linux box to
> close these sessions down after like 15 seconds of no activity and
> send a RST to the remote host?
>
> ~jay
>
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> tclug-list at mn-linux.org
> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
>


--
Loren H. Burlingame <loren at lhb.name>
GPG Key ID: 0x112DCF4F
"Irony can be pretty ironic sometimes."
   -William Shatner (a.k.a. Buck Murdock)
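One concrete shape of the squid suggestion in the reply above, as an added example that is not part of this thread and not code from either poster: a POSIX shell script that redirects LAN web traffic into a transparent Squid on the NAT box, rejects web connections that try to go around it, and shortens the idle timeouts on both Squid and conntrack. The interface name (eth1), the ports (3128 explicit, 3129 intercept), the Squid 3.1+ `intercept` keyword and the 15 second figure are assumptions chosen for illustration. Invoked with `show` it only prints what it would do; with `apply` it runs the commands as root.

```shell
#!/bin/sh
# Added example (not from the thread): bound the number of open sessions a
# Linux NAT box presents upstream by forcing web traffic through Squid and
# cutting idle timeouts. Interface, ports and the 15 s value are assumptions.
set -eu

LAN_IF="${LAN_IF:-eth1}"              # assumed: interface facing the wireless clients
PROXY_PORT="${PROXY_PORT:-3128}"      # assumed: explicit proxy port (browsers, HTTPS CONNECT)
INTERCEPT_PORT="${INTERCEPT_PORT:-3129}"  # assumed: port receiving REDIRECTed port-80 traffic
IDLE_SECS="${IDLE_SECS:-15}"          # idle limit taken from the original question
DRY_RUN="${DRY_RUN:-0}"

# Print the command instead of running it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Netfilter rules: push LAN port-80 traffic into Squid, and refuse new direct
# web connections that bypass the proxy. Squid's own upstream connections leave
# via the OUTPUT chain, not FORWARD, so the REJECT does not touch them.
apply_rules() {
    run iptables -t nat -A PREROUTING -i "$LAN_IF" -p tcp --dport 80 \
        -j REDIRECT --to-ports "$INTERCEPT_PORT"
    run iptables -A FORWARD -i "$LAN_IF" -p tcp -m multiport --dports 80,443 \
        -m conntrack --ctstate NEW -j REJECT --reject-with tcp-reset
}

# Squid configuration fragment (Squid 3.1+ syntax). Persistent connections are
# turned off so a socket closes when its response completes instead of
# lingering, and quiet connections are dropped after IDLE_SECS. Squid closes
# with a normal FIN; it does not send a RST.
squid_conf() {
    cat <<EOF
http_port ${PROXY_PORT}
http_port ${INTERCEPT_PORT} intercept
client_persistent_connections off
server_persistent_connections off
half_closed_clients off
read_timeout ${IDLE_SECS} seconds
request_timeout ${IDLE_SECS} seconds
EOF
}

# Shorten conntrack's timer for established-but-silent TCP flows (default is
# days). This applies to EVERY forwarded TCP flow, not just HTTP, and when an
# entry expires netfilter simply forgets the flow: no RST goes to either end.
conntrack_timeout() {
    run sysctl -w net.netfilter.nf_conntrack_tcp_timeout_established="$IDLE_SECS"
}

case "${1:-}" in
    show)
        DRY_RUN=1
        apply_rules
        conntrack_timeout
        squid_conf
        ;;
    apply)
        apply_rules
        conntrack_timeout
        squid_conf   # redirect this into squid.conf and reload Squid yourself
        ;;
esac
```

Two caveats a practitioner would want before copying this onto a live box. First, nothing at the NAT layer can send a RST on the remote host's behalf: expiring a conntrack entry only drops state, so the far end keeps its socket until its own keepalive or application timeout fires; only an endpoint such as Squid actually closes the connection. Second, a 15 second `nf_conntrack_tcp_timeout_established` will also break idle SSH, IMAP and similar long-lived flows, so in practice the per-protocol Squid timeouts do most of the work and the conntrack timer is left far less aggressive. Because the REJECT rule refuses direct port 443, clients need their browsers pointed at the explicit proxy port for HTTPS.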