What about, for example, browsing the Netfilter mailing list online? It uses HTTPS too, and the meg of data could be reached fast.
Hmm. Maybe filtering would have to be done based on duration. Hmm, the more that I look at it, the more that I think that you would have to limit the number of times that the rule did match. You would probably want to set a limit (limit, dstlimit, connlimit, hashlimit, etc.) on the number of times (per some duration) that a person is allowed to have an HTTPS connection that is larger than 1 MB.
Grant. . . .
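One way to express the idea in the reply above, as an added example that is not part of the original thread: a shell function that prints an iptables-restore ruleset counting, per source address and per hour, how many port-443 connections grow past a byte threshold. The function name, the FORWARD chain, the connmark bits, the hashlimit table name and DROP as the over-limit action are all assumptions.

```shell
# Added example, not from the thread. It only prints rules; nothing is applied.
# Assumed: FORWARD chain, connmark bit 0x1 = "already counted",
# bit 0x2 = "over the allowance", hashlimit table name https_big, DROP action.
# The connbytes match needs conntrack accounting:
#   sysctl -w net.netfilter.nf_conntrack_acct=1
emit_https_big_rules() {
    bytes=$1
    per_hour=$2
    for v in "$bytes" "$per_hour"; do
        case $v in
            ''|*[!0-9]*)
                echo "usage: emit_https_big_rules BYTES COUNT_PER_HOUR" >&2
                return 1 ;;
        esac
    done
    cat <<EOF
*mangle
:HTTPS_BIG - [0:0]
# A packet of a not-yet-counted port-443 connection that has passed the threshold.
# Without the connmark test every later packet would match and use up the limit.
-A FORWARD -p tcp --dport 443 -m connmark --mark 0x0/0x1 \
 -m connbytes --connbytes ${bytes}: --connbytes-dir both --connbytes-mode bytes \
 -j HTTPS_BIG
# Count each large connection exactly once.
-A HTTPS_BIG -j CONNMARK --set-xmark 0x1/0x1
# Per source address: flag large connections beyond the hourly allowance.
# The expiry is one hour so an idle bucket is not reset early.
-A HTTPS_BIG -m hashlimit --hashlimit-name https_big --hashlimit-mode srcip \
 --hashlimit-above ${per_hour}/hour --hashlimit-burst ${per_hour} \
 --hashlimit-htable-expire 3600000 -j CONNMARK --set-xmark 0x2/0x2
COMMIT
*filter
# Act on flagged connections (assumed action; could be LOG or a shaping class).
-A FORWARD -m connmark --mark 0x2/0x2 -j DROP
COMMIT
EOF
}

# Usage: emit_https_big_rules 1048576 5 | iptables-restore --test
```

The connmark test is what turns "packets after 1 MB" into "connections over 1 MB", which is the quantity the reply proposes to limit.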