Schedules and Skype Fun!
-
I've been running schedules for my kids for quite a while and for the most part it works, lots of bits to put in place and keep up with, especially around holidays when schedules change etc but for the most part it works.
The one area that I have yet to drive a stake through is Skype, I have tried lots of different things (although I haven't tried the snort approach yet) to block it after the schedules expire but it just keeps working. Looking at the flows via ntop it is UDP stun traffic that is making it through. What I do not understand is how it is getting around the block rule for his IP addresses. I have mine setup where I have allowed rules that are schedule based and then I have a permanent block rule after them for their IP's, all of them using alias's. I thought it was using the anti lock out rule but I removed it and created another instance below their block rule.
Here are the snapshots of my LAN rules, if anyone see's anything or has any suggestions that might let me stomp on it please let me know.