From: Greg Armer <wiqd@codelounge.org>
To: freebsd-pf@freebsd.org
Date: Mon, 11 Sep 2006 13:34:58 +0200
Subject: Block Skype with PF
Message-ID: <20060911113458.GA10659@gentoo>

Good day list,

I was just wondering if any of you have a running 'recipe' using PF that can block Skype.
What I have found out is the following:

- Skype picks a random port to use when it is installed
- It can switch over to port 80 / 443 if a firewall is too restrictive
- It appears UDP ports above 1024 are used as well

So what I was thinking of doing is blocking all outgoing UDP above port 1024, and trying to identify and block the port 80 / 442 traffic with squid and a transparent proxy.

Does anyone have any better solutions to this which do not involve expensive layer 7 inspection hardware?

Many thanks for your comments / ideas.

Regards,
--
Greg Armer
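The plan sketched in the post, written out as a pf.conf fragment in the FreeBSD 6-era syntax (an added example, not the poster's configuration). The interface names, LAN prefix and the squid listening port are assumptions.

```pf
# Constructed example: interface names, LAN prefix and squid port are assumptions.
ext_if = "em0"
int_if = "em1"
lan    = "192.168.1.0/24"
squid  = "127.0.0.1"        # squid running with "http_port 3128 transparent"

set skip on lo0
scrub in all

# Ordinary NAT for the LAN; translation rules must precede filter rules.
nat on $ext_if from $lan to any -> ($ext_if)

# Transparent proxy: steer LAN web requests into the local squid instead of
# letting them leave directly, so port 80 traffic can be examined there.
rdr on $int_if proto tcp from $lan to any port 80 -> $squid port 3128

# Default deny; everything permitted below is explicit and logged on block.
block log all

# LAN hosts may reach the redirected proxy port.
pass in quick on $int_if proto tcp from $lan to $squid port 3128 keep state

# UDP from the LAN: allow the well-known services it actually needs ...
pass in quick on $int_if proto udp from $lan to any port { 53, 123 } keep state
# ... and drop (and log, for review with tcpdump -n -e -ttt -i pflog0)
# attempts to reach UDP ports above 1024, the range the post describes.
block in log quick on $int_if proto udp from $lan to any port > 1024

# Remaining TCP from the LAN goes out normally (443 stays direct).
pass in quick on $int_if proto tcp from $lan to any keep state
pass out quick on $ext_if keep state
```

Blocking UDP above 1024 also cuts off VoIP, games and UDP traceroute from the LAN, and the squid redirect only sees plain port 80: the port 443 fallback mentioned in the post is encrypted end to end and will pass through the TCP rule unexamined.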