How to Block Skype Traffic in Mikrotik.
For the last several weeks I have been blocking Skype traffic in my office environment. I tried the Layer-7 protocol matcher to stop the traffic, but I failed at it. So I searched the internet but did not find any solution…
After that I contacted my friend, who helped me with it.
/ip firewall address-list
add address=111.221.74.0/24 comment="------------- disable_skype -------------" disabled=no list=skype_servers_x
add address=111.221.77.0/24 comment=disable_skype disabled=no list=skype_servers_x
add address=157.55.130.0/24 comment=disable_skype disabled=no list=skype_servers_x
add address=157.55.235.0/24 comment=disable_skype disabled=no list=skype_servers_x
add address=157.55.56.0/24 comment=disable_skype disabled=no list=skype_servers_x
add address=157.56.52.0/24 comment=disable_skype disabled=no list=skype_servers_x
add address=213.199.179.0/24 comment=disable_skype disabled=no list=skype_servers_x
add address=63.245.217.0/24 comment=disable_skype disabled=no list=skype_servers_x
add address=64.4.23.0/24 comment=disable_skype disabled=no list=skype_servers_x
add address=65.55.223.0/24 comment=disable_skype disabled=no list=skype_servers_x
/ip firewall filter
# This rule is exported with disabled=yes, so it drops nothing until it is enabled (disabled=no).
add action=drop chain=forward comment="Skype - Block - Pool" disabled=yes dst-address-list=skype_servers_x
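If you need to catch Skype server addresses via DNS, use the script below. It just fetches the addresses from the router's DNS cache and creates an address list. Note that it adds them to the list skype_dns_ips, so the drop rule above, which matches skype_servers_x, does not cover them unless a rule also matches skype_dns_ips.
Tested under v5.x.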
/system script
add name=skype_script policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api source=":foreach i in=[/ip dns cache find] do={\r\
    \n :local bNew \"true\";\r\
    \n :local cacheName [/ip dns cache all get \$i name] ;\r\
    \n# :put \$cacheName;\r\
    \n\r\
    \n :if ([:find \$cacheName \"skype\"] != 0) do={\r\
    \n\r\
    \n :local tmpAddress [/ip dns cache get \$i address] ;\r\
    \n#\t:put \$tmpAddress;\r\
    \n\r\
    \n# if address list is empty do not check\r\
    \n :if ( [/ip firewall address-list find ] = \"\") do={\r\
    \n :log info (\"added entry: \$[/ip dns cache get \$i name] IP \$tmpAddress\");\r\
    \n /ip firewall address-list add address=\$tmpAddress list=skype_dns_ips comment=\$cacheName;\r\
    \n } else={\r\
    \n :foreach j in=[/ip firewall address-list find ] do={\r\
    \n :if ( [/ip firewall address-list get \$j address] = \$tmpAddress ) do={\r\
    \n :set bNew \"false\";\r\
    \n }\r\
    \n }\r\
    \n :if ( \$bNew = \"true\" ) do={\r\
    \n :log info (\"added entry: \$[/ip dns cache get \$i name] IP \$tmpAddress\");\r\
    \n /ip firewall address-list add address=\$tmpAddress list=skype_dns_ips comment=\$cacheName;\r\
    \n }\r\
    \n }\r\
    \n }\r\
    \n}"
/system scheduler
add disabled=no interval=5s name=Skype on-event="/system script run skype_script" policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api start-time=startup
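A quick audit of the configuration above, as an added example that is not part of the original post: it parses a RouterOS export and reports drop rules that are switched off and address lists that no drop rule matches. The function names, the finding labels and the sample export (including the 203.0.113.10 entry and its comment) are constructed for illustration, and the parser assumes the export layout of a menu line followed by `add` lines.

```python
import re
import shlex

# Constructed sample: two ranges from the export above, one entry such as the
# DNS script would add (documentation IP, made-up name), and the drop rule.
SAMPLE_EXPORT = """\
/ip firewall address-list
add address=111.221.74.0/24 comment=disable_skype disabled=no list=skype_servers_x
add address=157.55.130.0/24 comment=disable_skype disabled=no list=skype_servers_x
add address=203.0.113.10 comment=skype.example.test list=skype_dns_ips
/ip firewall filter
add action=drop chain=forward comment="Skype - Block - Pool" disabled=yes dst-address-list=skype_servers_x
"""

def parse_export(text):
    """Map each menu path to the key=value dicts of its 'add' lines."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)  # join backslash-continued lines
    menus, menu = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            menu = line
            menus.setdefault(menu, [])
        elif line.startswith("add ") and menu:
            tokens = shlex.split(line)[1:]  # keeps a quoted comment in one token
            menus[menu].append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return menus

def is_enabled(entry):
    return entry.get("disabled", "no") != "yes"

def audit(text):
    """Return (finding, list_name) pairs for address lists that block nothing."""
    menus = parse_export(text)
    populated = {e["list"] for e in menus.get("/ip firewall address-list", [])
                 if is_enabled(e) and "list" in e}
    enforced, switched_off = set(), set()
    for rule in menus.get("/ip firewall filter", []):
        if rule.get("action") != "drop":
            continue
        for key in ("src-address-list", "dst-address-list"):
            if key in rule:
                (enforced if is_enabled(rule) else switched_off).add(rule[key])
    findings = [("rule-disabled", n) for n in sorted(switched_off - enforced)]
    findings += [("list-empty", n) for n in sorted(enforced - populated)]
    findings += [("list-unused", n) for n in sorted(populated - enforced - switched_off)]
    return findings

if __name__ == "__main__":
    for finding, name in audit(SAMPLE_EXPORT):
        print(f"{finding}: {name}")
```

Run against the sample, it reports the disabled drop rule for skype_servers_x and that skype_dns_ips is filled but never matched by a drop rule.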