iptables/ipchains doesn't have the ability to look into packets, so it can't really be used for this.
Now I am starting to get annoyed. Yes, IPTables can inspect packets. Suggestion: get a recent version and check out the "string" keyword.
I quizzed him about it yesterday. The packet filter provided by zeroknowledge (which runs on the windows box) has the capabilities to look into the packets and match against regular expressions provided by the operator, and that was the one that lit up when he started media player.
Moot point, ZK is dead. Dead'er then a flat squirrel. Something else you can do: use snort to inspect packets and then use a snort add on to block the packets dynamically (not that I strongly advocate this as it can lead to potential DoS). -Kurt