Skype is a special case because the very nature of the Skype protocol is to effectively circumvent firewall blocks. Skype searches a way to connect to it's services by using different protocols/ports. So there is no simple way to toggle off skype without limiting also other services.
However, there is 1 possibility to block it:
- enable the outgoing firewall and allow only the ports you really need, so skype cannot use it's normal ports to access its services and will tunnel through HTTPS instead.
- enable the http proxy in transparent mode, so skype need to use the proxy.
- block url's containing ip addresses instead of hostnames (example: http://10.1.1.1/test)
The last step is not implemented within the GUI of Endian firewall. You can configure it manually doing this:
- edit /var/efw/proxy/custom-acl.conf using
nano /var/efw/proxy/custom-acl.conf
- add the following:
----------------------- snip ----------------------------------
acl numeric_IPs url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
http_access deny CONNECT numeric_IPs all
----------------------- snip ----------------------------------
- restart the http proxy
From now on you
cannot connect anymore to
url's containing ip addresses. But this is the only way to effectively block skype.
