you probably don't need to use iptables, unless you want to sever the connection if the cap is broken. There was an article in a magazine here in Australia that covered what what you want to do using /proc/net/dev stats read into a file and then graphed with mrtg. It may be a little harder to follow without the article (only published in the mag) but still worth a look. Check out the download section on the Atomic
web site for Atomic-Wall, or better still try to get a copy of the mag. If you have any trouble following it let me know.