[Firehol-support] FireQOS: Skype Traffic

Phineas Gage phineas919 at gmail.com
Tue Oct 28 10:33:27 GMT 2014

I’m not sure if you’ll get a better response, but Skype is very difficult to classify due to its use of various ports. Even with L7 filtering it’s not easy to do perfectly, and as far as I know there isn’t very good L7 Skype filtering available for Linux. If you’ve got control over your user base, there’s a way in Skype to set the port that’s used, but it’s not practical if there are many clients, and sometimes this port setting isn’t even used.

What I ended up doing is first dividing trusted and untrusted users. This was easy in my environment using srcmac and dstmac because untrusted users appear from the MAC addresses of our Open Mesh routers, whereas trusted users are bridged and have the MAC address of their device. I gave trusted users a higher priority for ALL of their UDP traffic, and they know not to abuse this privilege, but I also added a “ceil” of 80% to avoid UDP saturating the connection. In practice this has worked reasonably well because there are only a few trusted users, and they don’t need heavy UDP usage for very long.

> On Oct 28, 2014, at 10:54 AM, Iaan Louw <iaan at vexen.co.za> wrote:
> I am not sure if I am at the right place to ask this question.   I have successfully (with the example and documentation ) managed to set Quality Of Service on my SIP traffic in the office.
> The example regarding apple facetime also works 'dandy'.
> Another thing we rely on for real time communication is Skype.   How do I set priority on Skype traffic? Does anyone have an example perhaps?
> Many thanks in advance
> Iaan Louw
> _______________________________________________
> Firehol-support mailing list
> Firehol-support at lists.firehol.org
> http://lists.firehol.org/mailman/listinfo/firehol-support

More information about the Firehol-support mailing list