Blocking Skype in FreeBSD

Blocking Skype in FreeBSD



  1. We need computer with Windows and Skype installed, preferably the latest version.
  2. Turning off all programs that could connect to the Internet, windows update and everything else.
  3. Lets enable Skype and log in, that it will take from the server database ip-address, which you can connect with. After that, turn off it.
  4. Configure the firewall on the gateway, that he would block all network traffic with PC-logged:
    ipfw add 50 deny log logamount 10 million all from ip_mashiny to any

    INFO: All of connections of our PC will written into the log file.

  5. Copy logs of our PC into a separate file:
    tail -f /var/log/all.log | grep ipfw: 50> /usr/skype.ip
  6. Enable Skype on our computer and try to login. get the file skype.ip something like this:
       Jul 9 14:34:10 server kernel: ipfw: 50 Deny UDP 192.168.3.41:40335 217.114.226.118:37950 in via rl0
       Jul 9 14:34:11 server kernel: ipfw: 50 Deny UDP 192.168.3.41:40335 87.228.19.207:15134 in via rl0
       Jul 9 14:34:12 server kernel: ipfw: 50 Deny UDP 192.168.3.41:40335 95.52.139.143:52195 in via rl0
       Jul 9 14:34:12 server kernel: ipfw: 50 Deny UDP 192.168.3.41:40335 95.236.12.233:15842 in via rl0

    This is a small part of created file. There are more records.

  7. Once Skype said that it can not connect, turn it off and turn off the collection of logs and remove our blocking rule at number 50.
  8. Now we need choose IP, which are addressed skype blocked in firewall.
       # Clear the Table 1, if it exists.
       ipfw table 1 flush
    
       # Start reading ip addresses (sort and select only unique records
       # Because it can be repeated), which connected Skype.
       awk '{print ($ 11)}' /usr/skype.ip | sed 's #:.*##' | sort | uniq | while read ip;
    
          # Adding extracted addresses in Table 1.
          do ipfw table 1 add $ ip
       done
  9. Run the script. If all done correctly, the table 1 must be filled with IP address. It can checked by
    ipfw table 1 list
  10. Now we have a table with list of ip-addresses, which was connected Skype. Now just write a rule:
    ipfw add 50 deny all from ip_mashiny to table \ (1 \)

Translation of www.opennet.ru/tips/2599_skype_freebsd_firewall_ipfw.shtml

Leave a Reply

Your email address will not be published. Required fields are marked *