shorewall-users April 2012 archive
Main Archive Page > Month Archives  > shorewall-users archives
shorewall-users: Re: [Shorewall-users] Block service Skype with

Re: [Shorewall-users] Block service Skype with Shorewall

From: Paul Gear <paul_at_nospam>
Date: Fri Apr 13 2012 - 01:04:18 GMT
To: shorewall-users@lists.sourceforge.net

On 29/03/12 07:58, I.S.C. William wrote:
> I have a transparent squid proxy, together with shorewall firewall
> version 4.4.25.3, my question is ..
> How I can block the Skype service to my local network, but without
> having to block port 80 and 443 are used for other sites and services.
> I had this rule:
>
> REJECT loc net udp 1024:65535
> REJECT loc net tcp 1024:65535
>
> but it works already.
>
> There will be some way?

1. Make sure your loc2net policy is REJECT or DROP, block outbound 80 &
443 and require them to go through a proxy, or

2. Use something other than Skype

Skype is a pain - it is impossible to safely firewall without opening
your network for egress traffic. On the Windows version i believe you
can proxy it, but in some cases that seems to produce poor audio results.

Paul

------------------------------------------------------------------------------
For Developers, A Lot Can Happen In A Second.
Boundary is the first to Know...and Tell You.
Monitor Your Applications in Ultra-Fine Resolution. Try it FREE!
http://p.sf.net/sfu/Boundary-d2dvs2
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users