Menu
» » How to Block Skype Traffic in Mikrotik

How to Block Skype Traffic in Mikrotik.

 

Since last several week i am blocking a Skype traffic in my office environment. I have tried Layer-7 protocol to stop traffic but i am failed on it. So i search internet but not found any solution….
After that i have contact my friend who help me on it ..

/ip firewall address-list
add address=111.221.74.0/24 comment=\
    "------------- disable_skype  -------------" disabled=no list=skype_servers_x
add address=111.221.77.0/24 comment=disable_skype disabled=no list=\
    skype_servers_x
add address=157.55.130.0/24 comment=disable_skype disabled=no list=\
    skype_servers_x
add address=157.55.235.0/24 comment=disable_skype disabled=no list=\
    skype_servers_x
add address=157.55.56.0/24 comment=disable_skype disabled=no list=\
    skype_servers_x
add address=157.56.52.0/24 comment=disable_skype disabled=no list=\
    skype_servers_x
add address=213.199.179.0/24 comment=disable_skype disabled=no list=\
    skype_servers_x
add address=63.245.217.0/24 comment=disable_skype disabled=no list=\
    skype_servers_x
add address=64.4.23.0/24 comment=disable_skype disabled=no list=\
    skype_servers_x
add address=65.55.223.0/24 comment=disable_skype disabled=no list=\
    skype_servers_x

/ip firewall filter
add action=drop chain=forward comment="Skype - Block - Pool" disabled=yes \
    dst-address-list=skype_servers_x

If you need to catch Skype server address via dns .. use below script… It just fetch address from dns and create address-list
Test under v.5.x

/system script
add name=skype_script policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api source=":foreach i in=[/ip dns cache find] do={\r\
    \n    :local bNew \"true\";\r\
    \n    :local cacheName [/ip dns cache all get \$i name] ;\r\
    \n#    :put \$cacheName;\r\
    \n\r\
    \n    :if ([:find \$cacheName \"skype\"] != 0) do={\r\
    \n\r\
    \n        :local tmpAddress [/ip dns cache get \$i address] ;\r\
    \n#\t:put \$tmpAddress;\r\
    \n\r\
    \n# if address list is empty do not check\r\
    \n        :if ( [/ip firewall address-list find ] = \"\") do={\r\
    \n            :log info (\"added entry: \$[/ip dns cache get \$i name] IP \$tmpAddress\");\r\
    \n            /ip firewall address-list add address=\$tmpAddress list=skype_dns_ips comment=\$cacheName;\r\
    \n        } else={\r\
    \n            :foreach j in=[/ip firewall address-list find ] do={\r\
    \n                :if ( [/ip firewall address-list get \$j address] = \$tmpAddress ) do={\r\
    \n                    :set bNew \"false\";\r\
    \n                }\r\
    \n            }\r\
    \n            :if ( \$bNew = \"true\" ) do={\r\
    \n                :log info (\"added entry: \$[/ip dns cache get \$i name] IP \$tmpAddress\");\r\
    \n                /ip firewall address-list add address=\$tmpAddress list=skype_dns_ips comment=\$cacheName;\r\
    \n            }\r\
    \n        }\r\
    \n    }\r\
    \n}"/system scheduler
add disabled=no interval=5s name=Skype on-event="/system script run skype_script" policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    start-time=startup

Posted by
Labels:
at 9:03 AM

1 comments:

  1. felisha greenApril 13, 2020 at 9:50 AM

    Do you need to increase your credit score?
    Do you intend to upgrade your school grade?
    Do you want to hack your cheating spouse Email, whatsapp, Facebook, instagram or any social network?
    Do you need any information concerning any database.
    Do you need to retrieve deleted files?
    Do you need to clear your criminal records or DMV?
    Do you want to remove any site or link from any blog?
    you should contact this hacker, he is reliable and good at the hack jobs..
    contact : cybergoldenhacker at gmail dot com

    ReplyDelete

Subscribe to: Post Comments (Atom)
 
Top