On *nix we can use iptables to block packets by it's clear content or string. This won't work on encrypted connections (unless you match an exact string that repeats on the encrypted connection)
In this example, we block the output to a syslog UDP endpoint that contains “closed keepalive connection”
iptables -I OUTPUT -p udp --dport 514 -m string --string "closed keepalive connection" --algo kmp -j DROP
Use -m string –string STRING –algo kmp the times you need to match multiple strings in the same packet.