jorge..
Code:
# Log TCP packets from the client whose destination port is neither 80 (web) nor 53 (DNS).
# A single negated multiport match is needed: two separate "not 80" and "not 53" rules
# would each log the other's traffic, so together they log everything.
# Current iptables syntax puts "!" before the option, not after it.
iptables -A INPUT -p tcp -s <client-ip> -m multiport ! --dports 80,53 -j LOG
# DNS normally travels over UDP, which a "-p tcp" rule never sees; log non-DNS UDP too.
iptables -A INPUT -p udp -s <client-ip> ! --dport 53 -j LOG
With rules like the above ones you can log all the packets that are not used for browsing & name conversion & further block them to stop unnecessary bandwidth usage. (Here I am assuming that you are not providing any other services to your clients; & if you have some other services then you could probably run another rule to bypass those packets as well.)
This is basically for monitoring what packets are traversing through your firewall.
You have got to go through your logs & then make a note of other ports & block them at FORWARD / INPUT (depending on the way your clients are being offered the internet service).
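The "go through your logs and note the other ports" step, as an added example that is not part of the original post: a small POSIX shell script that summarises netfilter LOG lines by destination port and prints the matching DROP rules. It assumes the LOG rules were given `--log-prefix "CLIENT-OTHER: "` (an assumption), and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): pick the ports to block from real
# LOG output instead of guessing. Assumes the LOG rules used --log-prefix "CLIENT-OTHER: ".

# Constructed sample lines in the format the netfilter LOG target writes to the kernel log.
SAMPLE_LOG='Mar  3 10:00:01 fw kernel: CLIENT-OTHER: IN=eth1 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=64 PROTO=TCP SPT=40001 DPT=443 WINDOW=29200 SYN URGP=0
Mar  3 10:00:02 fw kernel: CLIENT-OTHER: IN=eth1 OUT= SRC=192.0.2.10 DST=198.51.100.6 PROTO=TCP SPT=40002 DPT=443 SYN URGP=0
Mar  3 10:00:03 fw kernel: CLIENT-OTHER: IN=eth1 OUT= SRC=192.0.2.10 DST=198.51.100.7 PROTO=TCP SPT=40003 DPT=6881 SYN URGP=0
Mar  3 10:00:04 fw kernel: CLIENT-OTHER: IN=eth1 OUT= SRC=192.0.2.10 DST=198.51.100.8 PROTO=UDP SPT=40004 DPT=5060 LEN=40
Mar  3 10:00:05 fw kernel: unrelated message without a DPT field'

# port_summary: read log lines on stdin, print "count PROTO DPT" lines, busiest first.
port_summary() {
  grep 'CLIENT-OTHER:' | awk '{
    proto = ""; dpt = ""
    for (i = 1; i <= NF; i++) {
      if ($i ~ /^PROTO=/) proto = substr($i, 7)   # strip "PROTO="
      if ($i ~ /^DPT=/)   dpt   = substr($i, 5)   # strip "DPT="
    }
    if (dpt != "") count[proto " " dpt]++
  } END { for (k in count) print count[k], k }' | sort -rn
}

# block_rules CHAIN CLIENT-IP: turn port_summary output on stdin into DROP rules for
# the chain the clients pass through (INPUT or FORWARD, as the post explains).
block_rules() {
  chain=$1; client=$2
  while read -r count proto port; do
    lproto=$(printf '%s' "$proto" | tr 'A-Z' 'a-z')
    echo "iptables -A $chain -p $lproto -s $client --dport $port -j DROP"
  done
}

# Helpers used as entry points: the busiest port, and the number of distinct ports seen.
top_port()      { printf '%s\n' "$SAMPLE_LOG" | port_summary | head -n1; }
distinct_ports() { printf '%s\n' "$SAMPLE_LOG" | port_summary | wc -l | tr -d ' '; }
first_rule()    { printf '%s\n' "$SAMPLE_LOG" | port_summary | block_rules FORWARD 192.0.2.10 | head -n1; }
```

On a live box replace the constructed `SAMPLE_LOG` with `grep CLIENT-OTHER /var/log/kern.log`, review the summary, and only then apply the generated rules.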