Mogens Valentin wrote:
Taylor, Grant wrote:
iptables -A FORWARD -p tcp --dport SKYPEPORT -j ACCEPT
<devilish @^*% eating grin> He, Skype does not have a port (per se).
</devilish @^*% eating grin>
Skype will use just about any port that it can use (all the standards
you would think for internet traffic) to connect to any "super node"
that it can connect to. Unfortunately what qualifies as a Super Node
is any node / computer that is running Skype that is directly
connected to the internet without a firewall that would inhibit other
systems from connecting directly to it.
No wonder, since Skype is based upon the methods as used for Kazaa.
Damn thing to deny too, as are many other sharing apps...
AFAIR I found it slightly easier blocking such using ipchains explicit
in/out/forward rules, than with iptables and ESTABLISHED,RELATED rules.
Do a Google for "Skype Protocol" and see what you find. I have a PDF
on it at the office that I'd be happy to send you. (If you want this
PDF I'll find the URL to it and post it to the list or email
individually as I don't think the list would like a PDF sent to it.)
The only way that I've heard to even slow down Skype is to force it to
pass through a proxy, beyond that nothing, that I have heard of or
read about, will stop it.
Mind adding me to that list? If so, thanks a lot!
Mhm, Kazaa can be blocked by IPP2P for example. But Skype's payload is
encrypted, which makes it way more difficult or impossible. But what about
NUFW? Doesn't it authenticate upon application? I would like to receive a
copy of that PDF too please :).