How to Block Skype Traffic in Mikrotik


For the last several weeks I have been blocking Skype traffic in my office environment. I tried a Layer-7 protocol rule to stop the traffic, but I failed. So I searched the internet but did not find any solution.

After that I contacted my friend, who helped me with it.

/ip firewall address-list
add address=111.221.74.0/24 comment=\
    "------------- disable_skype  -------------" disabled=no list=skype_servers_x
add address=111.221.77.0/24 comment=disable_skype disabled=no list=\
    skype_servers_x
add address=157.55.130.0/24 comment=disable_skype disabled=no list=\
    skype_servers_x
add address=157.55.235.0/24 comment=disable_skype disabled=no list=\
    skype_servers_x
add address=157.55.56.0/24 comment=disable_skype disabled=no list=\
    skype_servers_x
add address=157.56.52.0/24 comment=disable_skype disabled=no list=\
    skype_servers_x
add address=213.199.179.0/24 comment=disable_skype disabled=no list=\
    skype_servers_x
add address=63.245.217.0/24 comment=disable_skype disabled=no list=\
    skype_servers_x
add address=64.4.23.0/24 comment=disable_skype disabled=no list=\
    skype_servers_x
add address=65.55.223.0/24 comment=disable_skype disabled=no list=\
    skype_servers_x

/ip firewall filter
# This rule is exported with disabled=yes, so it drops nothing until you enable it.
add action=drop chain=forward comment="Skype - Block - Pool" disabled=yes \
    dst-address-list=skype_servers_x

If you need to catch Skype server addresses via DNS, use the script below. It reads names from the router's DNS cache and adds their addresses to the address list skype_dns_ips.

Tested under v5.x.

/system script
add name=skype_script policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api source=":foreach i in=[/ip dns cache find] do={\r\
    \n    :local bNew \"true\";\r\
    \n    :local cacheName [/ip dns cache all get \$i name] ;\r\
    \n#    :put \$cacheName;\r\
    \n\r\
    \n# :find returns a number when the name contains skype and nil when it does not\r\
    \n    :if ([:typeof [:find \$cacheName \"skype\"]] = \"num\") do={\r\
    \n\r\
    \n        :local tmpAddress [/ip dns cache get \$i address] ;\r\
    \n#\t:put \$tmpAddress;\r\
    \n\r\
    \n# if the skype_dns_ips list is empty do not check\r\
    \n        :if ( [/ip firewall address-list find list=skype_dns_ips] = \"\") do={\r\
    \n            :log info (\"added entry: \$[/ip dns cache get \$i name] IP \$tmpAddress\");\r\
    \n            /ip firewall address-list add address=\$tmpAddress list=skype_dns_ips comment=\$cacheName;\r\
    \n        } else={\r\
    \n            :foreach j in=[/ip firewall address-list find list=skype_dns_ips] do={\r\
    \n                :if ( [/ip firewall address-list get \$j address] = \$tmpAddress ) do={\r\
    \n                    :set bNew \"false\";\r\
    \n                }\r\
    \n            }\r\
    \n            :if ( \$bNew = \"true\" ) do={\r\
    \n                :log info (\"added entry: \$[/ip dns cache get \$i name] IP \$tmpAddress\");\r\
    \n                /ip firewall address-list add address=\$tmpAddress list=skype_dns_ips comment=\$cacheName;\r\
    \n            }\r\
    \n        }\r\
    \n    }\r\
    \n}"
/system scheduler
add disabled=no interval=5s name=Skype on-event="/system script run skype_script" policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api \
    start-time=startup
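
The script fills skype_dns_ips, but the filter rule earlier in the post matches only skype_servers_x, so nothing acts on the DNS-built list. An added example (not part of the original post) of rules for that list, logging first so the matches can be checked before relying on the drop; the comment and log-prefix values are assumed names:

```routeros
# Added example: act on the list that skype_script fills.
# The comment= and log-prefix= values are assumed names.
/ip firewall filter
# 1. Log matches first to confirm the list holds only Skype addresses.
add chain=forward action=log dst-address-list=skype_dns_ips \
    log-prefix="skype-dns" comment="Skype - Log - DNS list"
# 2. Drop the same traffic.
add chain=forward action=drop dst-address-list=skype_dns_ips \
    comment="Skype - Block - DNS list"

# Review what the script has collected and what the rules have matched.
/ip firewall address-list print where list=skype_dns_ips
/log print where message~"skype-dns"
/ip firewall filter print stats where dst-address-list=skype_dns_ips
```

New rules are appended to the end of the forward chain, so move them above any accept rule that would match the same traffic first.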

2 comments

  1. New address list, on 02/07/2015:
    add address=111.221.74.0/24 comment="------------- disable_skype -------------" list=skype_servers_x
    add address=111.221.77.0/24 comment=disable_skype list=skype_servers_x
    add address=157.55.130.0/24 comment=disable_skype list=skype_servers_x
    add address=157.55.235.0/24 comment=disable_skype list=skype_servers_x
    add address=157.55.56.0/24 comment=disable_skype list=skype_servers_x
    add address=157.56.52.0/24 comment=disable_skype list=skype_servers_x
    add address=213.199.179.0/24 comment=disable_skype list=skype_servers_x
    add address=63.245.217.0/24 comment=disable_skype list=skype_servers_x
    add address=64.4.23.0/24 comment=disable_skype list=skype_servers_x
    add address=65.55.223.0/24 comment=disable_skype list=skype_servers_x
    add address=134.170.19.0/24 comment=disable_skype list=skype_servers_x
    add address=157.56.53.0/24 comment=disable_skype list=skype_servers_x
    add address=191.239.211.0/24 comment=disable_skype list=skype_servers_x
    add address=191.235.188.0/24 comment=disable_skype list=skype_servers_x
    add address=134.170.0.0/24 comment=disable_skype list=skype_servers_x
    add address=157.56.114.0/24 comment=disable_skype list=skype_servers_x
    add address=191.233.80.0/24 comment=disable_skype list=skype_servers_x
    add address=104.41.213.0/24 comment=disable_skype list=skype_servers_x
    add address=104.40.141.0/24 comment=disable_skype list=skype_servers_x
    add address=104.47.139.0/24 comment=disable_skype list=skype_servers_x
    add address=191.235.187.0/24 comment=disable_skype list=skype_servers_x
    add address=23.102.24.0/24 comment=disable_skype list=skype_servers_x
    add address=91.190.216.0/24 comment=disable_skype list=skype_servers_x
    add address=137.116.195.0/24 comment=disable_skype list=skype_servers_x
    add address=134.170.24.0/24 comment=disable_skype list=skype_servers_x
    add address=157.56.108.0/24 comment=disable_skype list=skype_servers_x
