iptables/netfilter can be used for monitoring. With the -v (verbose) option,
iptables will report both the packet total and byte total of matching packets. For example:
Code:
    [root@box root]# iptables -I INPUT -s 192.168.yy.zz
    [root@box root]# iptables -nvL INPUT
    Chain INPUT (policy DROP 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination
       64  4744            all  --  *      *       192.168.yy.zz        0.0.0.0/0
This shows 64 packets containing a total of 4744 bytes. (Quite low since I just created the rule.) I am illustrating on an INPUT chain, but, of course, for your purposes you will be using the FORWARD chain. In place of (or in addition to) the IP address, you can match on the MAC address.
You will need to do something to preserve data across reboots. At shutdown you can save data (to the file of your choice) with iptables-save and restore it at next boot with iptables-restore. Be sure to include the -c option in both cases. If you need to allow for the possibility of an improper shutdown (crash, power failure, etc.), you will have to create your own daemon to monitor at intervals and simply accept the data loss that occurs between the last time the daemon checked and the improper shutdown.
iptables/netfilter can also be used to block access to specified destination ports. If you want to, instead, block based on actual protocol you will have to use software that inspects the content of packets, which is beyond my knowledge. And, of course, if the user is using end-to-end encryption, such as SSL, you can't inspect the contents.
Bit torrent should be pretty easy to handle since, for it to be effective, incoming connections must be port forwarded. W/o your specifically setting up such port forwarding, the user's download speed will get seriously curtailed by standard bit torrent software.
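An added example (not from the post above): a POSIX shell parser for the counter columns of `iptables -nvxL FORWARD` output, fed a constructed sample so it runs without root, plus the periodic-recording step a small monitoring daemon would perform. The LAN prefix 192.168.1. and the log-line format are assumptions.

```shell
#!/bin/sh
# Added example: sum the pkts/bytes counters of `iptables -nvxL <chain>` per LAN
# host.  -x prints exact byte counts (no K/M/G suffixes), so they can be added.

# Constructed sample, shaped like `iptables -nvxL FORWARD` with rules that
# have no -j target (so the target column is empty, as in the post's output).
SAMPLE_OUTPUT='Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      64       4744            all  --  *      *       192.168.1.20         0.0.0.0/0
     120      98304            all  --  *      *       0.0.0.0/0            192.168.1.20
      10        640            all  --  *      *       192.168.1.21         0.0.0.0/0'

# Usage: per_host_bytes LAN_PREFIX < iptables_output
# Prints "host pkts bytes", one line per LAN host, summing rules where the host
# is the source (upload) or the destination (download).  Counters are always
# the first two fields and source/destination the last two, so an empty
# target column does not shift the parse.
per_host_bytes() {
    prefix="$1"
    awk -v prefix="$prefix" '
        NR <= 2 { next }                      # skip chain header and column titles
        $1 ~ /^[0-9]+$/ {
            src = $(NF-1); dst = $NF
            if (index(src, prefix) == 1) { pkts[src] += $1; bytes[src] += $2 }
            if (index(dst, prefix) == 1) { pkts[dst] += $1; bytes[dst] += $2 }
        }
        END { for (h in pkts) printf "%s %d %d\n", h, pkts[h], bytes[h] }
    ' | sort
}

# Usage: record_sample LOGFILE LAN_PREFIX TIMESTAMP < iptables_output
# Appends "timestamp host pkts bytes" per host.  Run from cron or a sleep loop
# with `iptables -nvxL FORWARD | record_sample ...` this is the
# "monitor at intervals" daemon from the post; at worst one interval is lost
# on a crash.  (Hypothetical log format.)
record_sample() {
    logfile="$1"; prefix="$2"; stamp="$3"
    per_host_bytes "$prefix" | while read -r host pkts bytes; do
        printf '%s %s %s %s\n' "$stamp" "$host" "$pkts" "$bytes"
    done >> "$logfile"
}

printf '%s\n' "$SAMPLE_OUTPUT" | per_host_bytes 192.168.1.
```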