...and have you read this, which is the best documentation for all things iptables. Now, that might be more information than you wanted, but, on the assumption that after this problem there will be/would have been another problem, it will be worthwhile.
OK, to break it down a bit (I'm not going to answer your question directly), how would you, for example, do anything with http-related packets? What identifying feature would you use that allows you to separate those packets from the rest?
Could you do something similar with the other protocols (clue: yes; unclue: ssh might be more difficult, but that might be beyond the scope, depending)?
Could you do something that only works on packets from a particular source address range (again, clue: yes)?
Could you combine the above (clue: yes)?
...trouble writing a iptable rule...
That seems to imply that only a single rule would be an acceptable answer. This may or may not be what you mean. I'll point out that a sequence of rules might be more flexible and may be able to achieve a more exact match to certain requirements and so, from that point of view, there may be an advantage in writing a sequence of rules, rather than just a single rule (there can also be disadvantages in writing a sequence of rules, so it depends a bit on context, which we don't have).
In any case, if you can write a sequence of rules that does pretty much what you want, it shouldn't be too difficult to come up with something similar (not exactly the same...but with some similarity), but compacted into a single rule.
It is difficult to know on what exact point you are stuck until you actually submit something that you have written, with a comment like 'and I don't know how to add this bit...' or '...but this seems to fail in that respect...'.
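As an added illustration that is not part of the post above, this script prints the same match (protocol, destination port, source range) once as a sequence of rules and once compacted into a single rule using the multiport match. The INPUT chain, the ACCEPT target, ports 80/443 and the source range are assumptions, since the original question is not shown here.

```shell
#!/bin/sh
# Added illustration: prints iptables commands, changes nothing on the host.
# Assumed (not from the thread): INPUT chain, ACCEPT target, ports 80/443,
# and a constructed source range from the RFC 5737 documentation block.
CHAIN="INPUT"
SRC_RANGE="192.0.2.0/24"

# Accept only a dotted-quad IPv4 address with a /0../32 prefix length.
valid_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case $addr in ''|*[!0-9.]*) return 1 ;; esac
    case $len in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in '') return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Sequence form: one rule per port, each combining protocol, port and source.
# Every rule keeps its own packet/byte counters.
rules_sequence() {
    valid_cidr "$1" || return 1
    for port in 80 443; do
        echo "iptables -A $CHAIN -p tcp -s $1 --dport $port -j ACCEPT"
    done
}

# Compact form: the same match folded into one rule via the multiport module.
rules_compact() {
    valid_cidr "$1" || return 1
    echo "iptables -A $CHAIN -p tcp -s $1 -m multiport --dports 80,443 -j ACCEPT"
}

# Dry run: show both forms for the constructed range.
rules_sequence "$SRC_RANGE"
rules_compact "$SRC_RANGE"
```

Both forms match the same packets; the sequence form lets each port take a different target or be counted separately, which the single rule cannot do.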