This is an old revision of the document!
On *nix we can use iptables to block packets by it's clear content or string. This won't work on encrypted connections (unless you match an exact string that repeats on the encrypted connection)
In this example, we block the output to a syslog endpoint that contains “closed keepalive connection”
iptables -I OUTPUT -p udp --dport 514 -m string --string "closed keepalive connection" --algo kmp -j DROP