iptables -A FORWARD -p tcp --dport SKYPEPORT -j ACCEPT
<devilish @^*% eating grin> He, Skype does not have a port (per se). </devilish @^*% eating grin>
Skype will use just about any port that it can use (all the standards you would think for internet traffic) to connect to any "super node" that it can connect to. Unfortunately, what qualifies as a Super Node is any node / computer that is running Skype that is directly connected to the internet without a firewall that would inhibit other systems from connecting directly to it.
No wonder, since Skype is based upon the methods as used for Kazaa.
Damn thing to deny too, as are many other sharing apps...
AFAIR I found it slightly easier blocking such using ipchains explicit in/out/forward rules, than with iptables and ESTABLISHED,RELATED rules.
Do a Google for "Skype Protocol" and see what you find. I have a PDF on it at the office that I'd be happy to send you. (If you want this PDF I'll find the URL to it and post it to the list or email individually as I don't think the list would like a PDF sent to it.) The only way that I've heard to even slow down Skype is to force it to pass through a proxy, beyond that nothing, that I have heard of or read about, will stop it.
Mind adding me to that list? If so, thanks a lot!
-- Kind regards, Mogens Valentin