Mailinglist Archive: opensuse-security (24 mails)

< Previous Next >
Re: [opensuse-security] Blocking Skype
  • From: kl <wkluge@xxxxxxxxxxxxx>
  • Date: Tue, 23 Oct 2007 15:31:07 +0800
  • Message-id: <471DA33B.3040300@xxxxxxxxxxxxx>


Fajar Priyanto wrote:
On Tuesday 23 October 2007 12:05:33 kl wrote:
Good afternoon.

My client is running an openSUSE 10.3 gateway server with Squid and
fetchmail/postfix/maildrop/qpopper.
He wants to restrict Internet HTTP access to servers on an allowed list
and no direct access to external mail.

Is there any way I can stop the uncontrolled use of Skype or other
messengers from the Windows workstations?

Will appreciate any hint as how to handle this.

Hello KL,
We can achieve this through several ways:
1. From squid, blocking the url. For example:
acl dstdomain "/etc/squid/ban.txt" http_access deny acl

contents of ban.txt:
xxx.com
yyy.com

2. By iptables:
For mail: iptables -I FORWARD -p tcp --dport 25 -s yourclientip -j DROP
For messenger (yahoo): iptables -I INPUT -p tcp --dport 5050 -s yourclientop -j DROP
(skype): iptables -I INPUT -p tcp --dport 443 -s yourclientip -j DROP

However since tcp 443 is https, then any website that uses it will be inaccessible too.

HTH,
I'm afraid this would not work - Skype does not necessarily use port 443
Skype will use any available port it finds, even port 80 which I obviously cannot block.

Wolfgang Kluge





---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx

< Previous Next >
List Navigation
Follow Ups
References