From: Daniel Lopes <lopsch@lopsch.com>
To: netfilter@lists.netfilter.org
Subject: Re: rules for skype
Date: Mon, 02 May 2005 16:36:21 +0200 [thread overview]
Message-ID: <42763AE5.1000606@lopsch.com> (raw)
In-Reply-To: <427559CC.9050108@solutti.com.br>
Leonardo Rodrigues Magalhães schrieb:
>
> Skype is able of connect using squid throw HTTPS connections, which
> makes it harder to block using squid ACLs, as when HTTPS is used, squid
> sees nothing only the hostname that you're connecting and NOT the whole
> URL.
>
>
> Sincerily,
> Leonardo Rodrigues
>
>
> Seferovic Edvin escreveu:
>
>> DEVIL_MODE = 1;
>> You can stop it by blocking incoming high ports ;)
>> DEVIL_MODE = 0;
>> Why should you block all incoming high ports? Hm.. maybe you want to
>> allow
>> only web traffic that comes and goes through a squid proxy ;)
>>
>> Regards,
>>
>> Edvin Seferovic
>>
>> -----Original Message-----
>> From: netfilter-bounces@lists.netfilter.org
>> [mailto:netfilter-bounces@lists.netfilter.org] On Behalf Of Taylor, Grant
>> Sent: Montag, 02. Mai 2005 00:00
>> To: netfilter@lists.netfilter.org
>> Subject: Re: rules for skype
>>
>>
>>
>>> iptables -A FORWARD -p tcp --dport SKYPEPORT -j ACCEPT
>>>
>>
>>
>> <devilish @^*% eating grin> He, Skype does not have a port (per say).
>> </devilish @^*% eating grin>
>>
>> Skype will use just about any port that it can use (all the standards you
>> would think for internet traffic) to connect to any ""super node that
>> it can
>> connect to. unfortunately what qualifies as a Super Node is any node /
>> computer that is running Skype that is directly connected to the internet
>> with out a firewall that would inhibit other systems from connecting
>> directly to it. Do a Google for "Skype Protocol" and see what you
>> find. I
>> have a PDF on it at the office that I'd be happy to send you. (If you
>> want
>> this PDF I'll find the URL to it and post it to the list or email
>> individually as I don't think the list would like a PDF sent to it.) The
>> only way that I've heard to even slow down Skype is to force it to pass
>> through a proxy, beyond that nothing, that I have heard of or read about,
>> will stop it.
>>
>>
>>
>> Grant. . . .
>>
>>
Yes this 443 port thing is the only reason why it seems that Skype is
unstoppable. You could block connections to that port but then you would
also cut off https based websites :(.
next prev parent reply other threads:[~2005-05-02 14:36 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20050501223241.CF7E4103130@correio.solutti.com.br>
2005-05-01 22:35 ` rules for skype Leonardo Rodrigues Magalhães
2005-05-02 14:36 ` Daniel Lopes [this message]
2005-05-02 14:40 ` Taylor, Grant
2005-05-02 15:07 ` Seferovic Edvin
2005-09-26 7:06 Mofizul Hoq
[not found] <200505021507.j42F7cIb004153@rti02.co-lo.riverviewtech.net>
2005-05-02 15:56 ` Taylor, Grant
[not found] <20050502150901.DAEF39E9F4@dd6816.kasserver.com>
2005-05-02 15:36 ` Daniel Lopes
2005-05-02 15:58 ` Taylor, Grant
2005-05-02 16:48 ` Taylor, Grant
2005-05-02 17:01 ` Deepak Seshadri
2005-05-02 17:09 ` [SPAM] " Taylor, Grant
2005-05-02 17:42 ` Deepak Seshadri
2005-05-03 7:17 ` Victor Yeo
2005-05-03 7:50 ` John A. Sullivan III
2005-07-13 2:52 ` Fajar Priyanto
2005-07-13 10:53 ` Daniel Lopes
-- strict thread matches above, loose matches on Subject: below --
2005-05-01 9:37 varun_saa
2005-05-01 9:46 ` Askar
2005-05-01 22:00 ` Taylor, Grant
2005-05-01 22:31 ` Seferovic Edvin
2005-05-01 23:43 ` Mogens Valentin
2005-05-02 1:32 ` Daniel Lopes
2005-05-02 6:14 ` Taylor, Grant
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=42763AE5.1000606@lopsch.com \
--to=lopsch@lopsch.com \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.