You can do this with ACLs, ZBFW, etc. I wouldn't recommend trying to figure out what ports you want to allow out because there are a lot of non-standard valid ports that you could be blocking. For example, there could be redirects from a site to another site on a different port (think 80 vs 8080).
You could use QoS to throttle back all of the non-standard traffic, but also allow all of your other traffic. For example, create an ACL that matches everything to port 1024 and put that in a queue, and then anything that doesn't match this put in the class default. That way, nothing will be blocked, but you'll still allow your higher priority traffic out. If this is connected to the internet directly, you wouldn't be able to control the inbound traffic unless you created a policy map that matched on your public address and policed traffic inbound, but that would affect all legitimate traffic as well. (I can clarify this in a minute.)
So, I would recommend a class map to not deny all traffic. An example would be something like:
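! Match TCP and UDP traffic to destination ports 1-1024
access-list 100 permit tcp any any range 1 1024
access-list 100 permit udp any any range 1 1024
!
class-map match-any AllowTraffic
 match access-group 100
!
! Policy name taken from the service-policy command further down
policy-map AllowTraffic
 class AllowTraffic
  bandwidth percent 90
 class class-default
  bandwidth percent 2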
You'll need to modify the policy to reflect your bandwidth. It depends on the OS version that you have whether you specify the bandwidth under the policy or on the interface. On the WAN interface, put "max-reserved-bandwidth 100" and you should be able to use this policy as is. It will guarantee 90% of the bandwidth of the interface speed, and whatever doesn't match the ACL in your class will hit the class-default, but would only be guaranteed 2 percent.
service-policy output AllowTraffic
Otherwise, if you're dead set on blocking the traffic, you can do this with an ACL and apply the ACL to the interface directly.
I also wanted to add that you can use NBAR to match on BitTorrent traffic and drop that if you're needing that as well. I guess there are quite a few ways to do what you're wanting to do.
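The QoS policy and the NBAR option from the answer above can be combined in a single policy-map. This is an added example, not configuration from the original post: the class name DropP2P and the interface GigabitEthernet0/0 are assumptions, while access-list 100 and the name AllowTraffic follow the post.

```cisco
! Added example, not part of the original post.
! Assumed names: class-map DropP2P, interface GigabitEthernet0/0 (placeholder WAN port).
!
! Port-based match from the post: destination ports 1-1024
access-list 100 permit tcp any any range 1 1024
access-list 100 permit udp any any range 1 1024
!
class-map match-any AllowTraffic
 match access-group 100
!
! NBAR classifies on protocol signatures rather than port numbers
class-map match-any DropP2P
 match protocol bittorrent
!
! Classes are evaluated top-down and the first match wins, so the drop
! class is listed before the port-based class. Anything that matches
! neither class falls through to class-default and is throttled, not blocked.
policy-map AllowTraffic
 class DropP2P
  drop
 class AllowTraffic
  bandwidth percent 90
 class class-default
  bandwidth percent 2
!
! An interface takes only one output service-policy, which is why the
! drop class lives in the same policy-map as the bandwidth classes.
interface GigabitEthernet0/0
 max-reserved-bandwidth 100
 service-policy output AllowTraffic
```

After applying it, `show policy-map interface GigabitEthernet0/0` lists per-class match and drop counters, which confirms whether traffic is landing in the class you expect.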
This is actually a pretty cool feature. I didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk) only if a certain condition existed. This is exactly what conditional advertisement does.
I have a question: I bought a Cisco 887VA-k9 router and configured it with the configuration below.
If I connect it directly to my laptop on one of its ports, it works and everything is fine (the Internet connection + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.