While the multi-connection penalty works it might still block legitimate users.
I am interested in blocking Bittorrent which by default uses ports 6881-6999, and my log shows connection to those ports. I would like a Plenalty based on destination port access, So if a user accesses port 6881 UDP then his connected is blocked. I mean ALL his connection not just to that destination. 6881 is the most common torrent port I see in my logs.