Asked Tuesday, March 1, 2022, 7:20:54

Does anyone here use iptables with Skype? The only way I have been able to get it working so far is to allow all the high ports, something like



iptables -A OUTPUT -p UDP --dport 1024:65535 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 1024:65535 -j ACCEPT
iptables -A INPUT -p UDP --dport 1024:65535 -j ACCEPT
iptables -A INPUT -p tcp --dport 1024:65535 -j ACCEPT


which is obviously less than ideal. The problem is that, as far as I can tell, the ports Skype uses are somewhat random. I was hoping it might be possible to allow application-level firewalling by using setuid or setgid, for example



sudo addgroup skypeGrp
sudo usermod theUser -G skypeGrp
sudo chgrp skypeGrp /usr/bin/skype
chmod g+s /usr/bin/skype
iptables -A OUTPUT -m owner --gid-owner skypeGrp -j ACCEPT


but this didn't seem to work.



Perhaps others have a better solution?



 Answers

Set it up to allow all outbound. And then allow related/established as one of the first rules.



Something like:



# Accept loopback & established/related connections
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Drop invalid on tcp
iptables -A INPUT -p tcp -m conntrack --ctstate INVALID -j DROP

# Set default DROP policy
iptables -P INPUT DROP
iptables -P FORWARD DROP

# But allow everything out
iptables -P OUTPUT ACCEPT

# Now set what you want to allow in.

# e.g. SSH in
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

[#32205] Wednesday, March 2, 2022
rvousnove
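
An added example, not part of the original question or answer: a shell function that reads `iptables -S INPUT` output on stdin, flags INPUT ACCEPT rules with a wide --dport range like the ones in the question, and reports when no ESTABLISHED accept rule is present. The function names, the 1000-port threshold and both sample rulesets are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: audits `iptables -S INPUT`-style text on stdin.
# Nothing here calls iptables itself, so it runs without root.

# Flags INPUT ACCEPT rules whose --dport range spans more than $1 ports
# (default 1000, an assumed threshold) and reports a missing stateful rule.
# Exit status is 1 when anything was flagged, 0 otherwise.
audit_input_rules() {
    awk -v max="${1:-1000}" '
    $1 == "-A" && $2 == "INPUT" {
        target = ""; dport = ""; state = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-j") target = $(i + 1)
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "--ctstate" || $i == "--state") state = $(i + 1)
        }
        if (target != "ACCEPT") next
        if (state ~ /ESTABLISHED/) stateful = 1
        if (split(dport, r, ":") == 2 && r[2] - r[1] + 1 > max) {
            printf "WIDE line %d: %s\n", NR, $0
            bad++
        }
    }
    END {
        if (!stateful) { print "MISSING: no ESTABLISHED accept rule on INPUT"; bad++ }
        exit (bad > 0)
    }'
}

# Constructed sample: the question's inbound high-port rules, as -S prints them.
sample_question() {
    cat <<'EOF'
-A INPUT -p udp -m udp --dport 1024:65535 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1024:65535 -j ACCEPT
EOF
}

# Constructed sample: the answer's ruleset, as -S prints it.
sample_answer() {
    cat <<'EOF'
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}

sample_question | audit_input_rules || echo "question ruleset: findings above"
sample_answer | audit_input_rules && echo "answer ruleset: clean"
```

On a live host, feed it with `sudo iptables -S INPUT | audit_input_rules`.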
