I've got no idea as to separate contentfilters, but you should be able to block Kazaa and Audiogalaxy because they use std ports.
Iptables has some form of contentfiltering called stringmatching support (IIRC) but that's experimental. Astaro and Suse promote fw packages having "content filtering", but by that they only mean HTTP traffic (using Squid prolly).
Another way I could think of would be to find some form of signature in that traffic, but that'll be hard, because Kazaa doesn't only do mp3, and let Snort block it.
Maybe you should review your fw rules, and only accept traffic for what you would explicitly allow.