Thursday, February 15, 2007

How to block Skype traffic with one iptables rule

There is an interesting lecture (PDF) by Philippe Biondi and Fabrice Desclaux about how and what they learned about the Skype client code and protocol. On page 75 they give the following secret incantation for blocking Skype traffic:
iptables -I FORWARD -p udp -m length --length 39 -m u32 --u32 '27&0x8f=7' --u32 '31=0x527c4833' -j DROP
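
What the rule's matches actually test, as an added example (not code from the lecture or from this post): a Python emulation of the `-p udp`, `length` and `u32` checks, run against constructed packets. It assumes `length` compares the IPv4 total-length field and that the IP header is 20 bytes with no options; the function names, addresses, ports and sample payloads are made up for illustration.

```python
import struct

def u32_test(packet, start, mask, value):
    """One u32 test 'start&mask=value': read the 4 bytes at offset `start`
    (counted from the first byte of the IP header) as a big-endian integer."""
    if start + 4 > len(packet):
        return False                      # not enough bytes to read: no match
    (word,) = struct.unpack_from("!I", packet, start)
    return (word & mask) == value

def rule_matches(packet):
    """Emulate: -p udp -m length --length 39
    -m u32 --u32 '27&0x8f=7' --u32 '31=0x527c4833'"""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False                      # not an IPv4 packet
    if packet[9] != 17:                   # -p udp (IP protocol 17)
        return False
    # Assumption: `length` is compared with the IPv4 total-length field.
    if struct.unpack_from("!H", packet, 2)[0] != 39:
        return False
    # Word at 27 covers bytes 27..30; mask 0x8f keeps bits of byte 30 only,
    # which is the third UDP payload byte when the IP header is 20 bytes.
    # Word at 31 covers bytes 31..34 and must equal 52 7c 48 33.
    return (u32_test(packet, 27, 0x8F, 7)
            and u32_test(packet, 31, 0xFFFFFFFF, 0x527C4833))

def build_packet(payload):
    """Constructed IPv4 + UDP packet (checksums left at zero, test addresses)."""
    total = 20 + 8 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    udp = struct.pack("!HHHH", 40000, 40001, 8 + len(payload), 0)
    return ip + udp + payload

# Constructed 11-byte payloads: 20 (IP) + 8 (UDP) + 11 = 39 bytes in total.
SAMPLE_MATCH = bytes([0xAA, 0xBB, 0x37, 0x52, 0x7C, 0x48, 0x33, 0, 0, 0, 0])
SAMPLE_WRONG_BITS = bytes([0xAA, 0xBB, 0x0F, 0x52, 0x7C, 0x48, 0x33, 0, 0, 0, 0])

if __name__ == "__main__":
    for name, payload in [("match", SAMPLE_MATCH),
                          ("wrong bits", SAMPLE_WRONG_BITS),
                          ("one byte longer", SAMPLE_MATCH + b"\x00")]:
        print(name, rule_matches(build_packet(payload)))
```

The first sample has 0x37 in the masked byte: the mask 0x8f ignores bits 4 to 6, so it still compares equal to 7.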

6 comments:

  1. I tried the command and got
    iptables v1.4.2: Invalid rule number `−p'

    Very strange, as a simpler command
    iptables -I FORWARD -p udp -j ACCEPT

    works...

  2. @Anonymous - it might help if you could copy and paste the exact command and output that you got.

  3. It doesn't work anyway, at least no more.

    iptables -I FORWARD 1 -p udp -m length --length 39 -m u32 --u32 '27&0x8f=7' --u32 '31=0x527c4833' -j DROP

    ^ be very careful with spaces and tabs

  4. "I tried the command and got
    iptables v1.4.2: Invalid rule number `-p'"

    When I copied/pasted the rule from Firefox in Windows into a putty session, I got this:

    iptables -I FORWARD .p udp .m length ..length 39 .m u32 ..u32 .27&0x8f=7. ..u32 .31=0x527c4833. .j DROP

    Note that the hyphens are replaced with periods, so I ended up with this error:

    [1] 9849
    -su: 0x8f=7.: command not found
    myhost:~# iptables v1.4.2: Invalid rule number `.p'
    Try `iptables -h' or 'iptables --help' for more information.

    [1]+ Exit 2 iptables -I FORWARD .p udp .m length ..length 39 .m u32 ..u32 .27

    All I had to do was input the command manually and it accepted it... no problem.

  5. When I try to start the firewall with this line, I get the following error:

    Couldn't load match `u32':/lib64/iptables/libipt_u32.so

    I downloaded the file libipt_u32.so and placed it in the directory, but then I got an error message regarding a conflict of versions.

    Is there another way to do it?

  6. Those having iptables-related errors: don't copy/paste it, type it manually.

    However, check the date. The post is 5 years old and I can confirm this no longer functions as a working way to block Skype.
