{"id":10759,"date":"2024-03-10T15:07:12","date_gmt":"2024-03-10T20:07:12","guid":{"rendered":"https:\/\/www.rushworth.us\/lisa\/?p=10759"},"modified":"2024-03-10T15:07:12","modified_gmt":"2024-03-10T20:07:12","slug":"firewall-settings-local-network-access-plus-skype","status":"publish","type":"post","link":"https:\/\/www.rushworth.us\/lisa\/?p=10759","title":{"rendered":"Firewall Settings: Local Network Access Plus Skype"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">I&#8217;m playing around with blocking all outbound connections on our computers and run most traffic through a proxy &#8230; Skype, however, won&#8217;t make voice\/video calls with the HTTPS proxy set. We had to add a <em>lot<\/em> of subnets to the ruleset before the called party would get a ring. But it finally worked. This is the NFT ruleset, but I&#8217;ve got the same subnets added to the Windows Firewall too. <\/p>\n\n\n<div class=\"wp-block-syntaxhighlighter-code \"><pre class=\"brush: plain; title: ; notranslate\" title=\"\">\ntable inet filter {\n        chain WIFI-FILTERONLYLOCAL {\n                type filter hook output priority filter; policy accept;\n                ip protocol tcp ip daddr 10.0.0.0\/8 accept\n                ip protocol udp ip daddr 10.0.0.0\/8 accept\n                ip protocol tcp ip daddr 13.64.0.0\/11 accept\n                ip protocol tcp ip daddr 13.96.0.0\/13 accept\n                ip protocol tcp ip daddr 13.104.0.0\/14 accept\n                ip protocol tcp ip daddr 13.107.0.0\/16 accept\n                ip protocol tcp ip daddr 13.107.6.171\/32 accept\n                ip protocol tcp ip daddr 13.107.18.15\/32 accept\n                ip protocol tcp ip daddr 13.107.140.6\/32 accept\n                ip protocol tcp ip daddr 20.20.32.0\/19 accept\n                ip protocol tcp ip daddr 20.180.0.0\/14 accept\n                ip protocol tcp ip daddr 20.184.0.0\/13 accept\n                ip protocol tcp ip daddr 20.190.128.0\/18 accept\n                ip protocol tcp ip daddr 20.192.0.0\/10 accept\n                ip protocol tcp ip daddr 20.202.0.0\/16 accept\n                ip protocol udp ip daddr 20.202.0.0\/16 accept\n                ip protocol tcp ip daddr 20.231.128.0\/19 accept\n                ip protocol tcp ip daddr 40.126.0.0\/18 accept\n                ip protocol tcp ip daddr 51.105.0.0\/16 accept\n                ip protocol tcp ip daddr 51.116.0.0\/16 accept\n                ip protocol tcp ip daddr 52.108.0.0\/14 accept\n                ip protocol tcp ip daddr 52.112.0.0\/14 accept\n                ip protocol tcp ip daddr 52.138.0.0\/16 accept\n                ip protocol udp ip daddr 52.138.0.0\/16 accept\n                ip protocol tcp ip daddr 52.145.0.0\/16 accept\n                ip protocol tcp ip daddr 52.146.0.0\/15 accept\n                ip protocol tcp ip daddr 52.148.0.0\/14 accept\n                ip protocol tcp ip daddr 52.152.0.0\/13 accept\n                ip protocol tcp ip daddr 52.160.0.0\/11 accept\n                ip protocol tcp ip daddr 52.244.37.168\/32 accept\n                ip protocol tcp ip daddr 138.91.0.0\/16 accept\n                ip protocol udp ip daddr 138.91.0.0\/16 accept\n                ip protocol icmp accept\n                ip protocol udp ct state { established, related } accept\n                limit rate over 1\/second log prefix &quot;FILTERONLYLOCAL: &quot;\n                drop\n        }\n}\n<\/pre><\/div>","protected":false},"excerpt":{"rendered":"<p>I&#8217;m playing around with blocking all outbound connections on our computers and run most traffic through a proxy &#8230; Skype, however, won&#8217;t make voice\/video calls with the HTTPS proxy set. We had to add a lot of subnets to the ruleset before the called party would get a ring. But it finally worked. This is &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[30],"tags":[1737,1988,1989,766],"class_list":["post-10759","post","type-post","status-publish","format-standard","hentry","category-system-administration","tag-firewall","tag-nft","tag-nftables","tag-skype"],"_links":{"self":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/10759","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=10759"}],"version-history":[{"count":1,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/10759\/revisions"}],"predecessor-version":[{"id":10760,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/10759\/revisions\/10760"}],"wp:attachment":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=10759"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=10759"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=10759"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}