Joe Laffey wrote: > Is there a way to prevent Skype from relay connections using pfsense. > The Skype "tech" page doesn't go into much detail... just that you want > a p2p friendly firewall... > > > http://support.skype.com/index.php?_a=knowledgebase&_j=questiondetails&_i=127 > > > If this can be permitted what are the security implications?
Are you trying to stop skype acting as a master node, trying to make it talk direct and not via relay, or trying to block it altogether? 1/ master Am not sure how to stop it being a master node, this might help: https://www2.sans.org/reading_room/whitepapers/voip/32918.php 2/ relay To make it talk direct and not use a third party as a relay, I found that setting it to use a static port (advanced settings) and mapping an public IP:Port to the host seemed to help a lot. 3/ block Skype is notoriously difficult to block as it tries all manner of things to get a connection. You can see this if, say, you allow no outbound connections from a host at all. The logs get flooded with skype port scanning! --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Commercial support available - https://portal.pfsense.org
