Discussion in 'Tomato Firmware' started by Elfew, Feb 20, 2013.

  Elfew

    Elfew

    Hi, I need some help. I wanna disable skype calls from 22:00 to 6:00 in access restriction. I set everything - day,time,pc mac adress and layer... But it doesnt work - skype calls work with no problem.

    Any idea or which layer or ports should I disable?

    And second question - there is no way how to block https website right?
  xorglub

    xorglub

    Skype is AFAIK impossible to block completely - it will fall back to an http tunnel eventually. The only thing which used to work is block direct internet access and proxy everything. Then configure the proxy to deny connection by ip only.

    For https you can't block them by domain name, they have static ips so you could block those, but if it is a "big" website they most likely are using a CDNs which would make your task of finding which address to block a difficult one.
  koitsu

    koitsu

    Nonsense. Blocking HTTP traffic is possible via layer 7 filtering, assuming you do some packet captures and look at the client headers being submit, then block off of one of those (such as the Host: header). There is a performance hit for this (i.e. expect overall router throughput going out the WAN to be decreased).

    I thought the same thing, until I was actually given packet captures. Please read the entire thread (do not skim it, read it -- I go into the extensive technical details):

    In summary: yes it's blockable, but no current versions of Tomato/TomatoUSB compile in the xt_string netfilter/iptables module needed to accomplish what's needed. I provide a diff in my very last post, if someone wishes to build their own.

    In general, I strongly suggest that if you have someone who is abusing service on your network (whether that be children who cannot follow rules, or a roommate/housemate who is being inappropriate), you solve the problem via social means. It's near impossible to solve social problems with technology, at least with a 100% (or even 99%) reliability rate.
