Eu nunca tentei, mas primeiro você precisa corresponder ao tráfego desejado. Você deve ser capaz de fazer isso usando o iptables e a opção -p com o número do protocolo:
PARAMETERS The following parameters make up a rule specification (as used in the add, delete, insert, replace and append commands).
[!] -p, --protocol protocol
The protocol of the rule or of the packet to check. The speci‐
fied protocol can be one of tcp, udp, udplite, icmp, esp, ah,
sctp or all, or it can be a numeric value, representing one of
these protocols or a different one. A protocol name from
/etc/protocols is also allowed. A "!" argument before the pro‐
tocol inverts the test. The number zero is equivalent to all.
Protocol all will match with all protocols and is taken as
default when this option is omitted.