I think that you can stop ALL https connections with squid.. if you want of course... but then, I dont know if there is such way as you described it. A very good ACL implementation is squidGuard. But hey.. why do you want to stop skype? Regards, Edvin Seferovic -----Original Message----- From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Taylor, Grant Sent: Montag, 02. Mai 2005 16:41 To: netfilter@xxxxxxxxxxxxxxxxxxx Subject: Re: rules for skype > Yes this 443 port thing is the only reason why it seems that Skype is > unstoppable. You could block connections to that port but then you would > also cut off https based websites :(. Would it be possible to ACL via Squid (or the likes) to control what host a client is initiating an SSL connection to? I have not done much filtering on the application (HTTP) level beyond blocking basic requests for a domain on standard HTTP (80). I wonder if it would be possible to write an extension for Squid that would not allow connections to IP addresses that don't (forward) resolve back to what they reverse resolve to. I'm grasping at straws here, but then again Skype is going to be hard to stop. Grant. . . .
