
Restricting Skype on Gentoo

# /etc/portage/env/net-im/skype by Michael Weber Aug 3rd 2011
# Hotfix to restrict skype outbound to tcp/80 and tcp/443
# to avoid penalties inside corporate/campus networks
# inspired by/ripped off Erich Schubert's
# http://www.vitavonni.de/blog/201107/2011072601-restricting-skype-via-iptables.html

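# Portage post-src_install hook: makes the Skype binary setgid "skype" and
# installs /etc/local.d/skype.{start,stop}, which hold iptables rules limiting
# that group to outbound tcp/80 and tcp/443.
#
# Globals:   PN (read), D (read) - both supplied by Portage
# Outputs:   writes ${D}/etc/local.d/skype.start and skype.stop
# Returns:   dies (aborts the merge) if any install step fails
#
# Caveats for whoever enables the rules:
#   - Both generated scripts begin with "exit", so nothing is filtered until
#     the admin removes that line. Until then the binary is setgid but
#     unrestricted.
#   - The rules key on the group the process runs under (owner match), which
#     the setgid bit provides. A binary started without that group is not
#     matched, so treat this as a policy aid, not as containment.
#   - Only iptables (IPv4) rules are written; IPv6 traffic would need
#     equivalent ip6tables rules.
#   - "-I OUTPUT" inserts at the head of the chain; check the ordering against
#     the rest of the local firewall setup.
post_src_install() {
        fowners :skype "/opt/${PN}/${PN}" || die
        fperms g+s "/opt/${PN}/${PN}" || die
        dodir /etc/local.d || die "dodir /etc/local.d failed"

        # Quoted delimiter: the body is written out literally, so the line
        # continuation is a single backslash here. The terminator must be
        # exactly "EOF" with no trailing whitespace, or the here-document
        # never ends.
        cat > "${D}/etc/local.d/skype.start" <<'EOF' || die "writing skype.start failed"
#!/bin/sh
exit
einfo restricting group skype to outbound tcp/80 and tcp/443
iptables -I OUTPUT -p tcp -m owner --gid-owner skype \
        -m multiport ! --dports 80,443 -j REJECT
iptables -I OUTPUT -p udp -m owner --gid-owner skype -j REJECT
EOF

        # The stop script deletes the same rules by exact match, so it must be
        # kept in sync with the start script.
        cat > "${D}/etc/local.d/skype.stop" <<'EOF' || die "writing skype.stop failed"
#!/bin/sh
exit
iptables -D OUTPUT -p tcp -m owner --gid-owner skype \
        -m multiport ! --dports 80,443 -j REJECT
iptables -D OUTPUT -p udp -m owner --gid-owner skype -j REJECT
EOF

        elog "Take a look at /etc/local.d/skype.{start,stop} and incooperate"
        elog "the rules with your iptables/firewall setup, mind the exit."
        fperms +x /etc/local.d/skype.{start,stop} || die
}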

# Portage post-pkg_setup hook: creates the "skype" group before the install
# phase, where post_src_install hands the binary to that group.
post_pkg_setup() {
        local -r grp=skype
        enewgroup "${grp}"
}