I am using Skype but I am blocked - what can I do?
First install the latest Skype version and check if you are still blocked with it. Skype is updated very frequently. It is possible that the problem will disappear if you use the latest version.
Usually the block is triggered by UDP packets. There are various solutions for this problem, depending on the computer's operating system:
Windows 7, 8
Under Windows, two solutions have been successful:
Using the registry editor (also via the group policy), Skype can be kept from either being a supernode or from generating UDP traffic (see http://download.skype.com/share/security/network-admin-guide-version2.2.pdf). You will need to make the following entries to the registry:
HKEY_CURRENT_USER\Software\Policies\Skype\Phone, DisableUDP, REG_DWORD = 1
HKEY_CURRENT_USER\Software\Policies\Skype\Phone, DisableSupernode, REG_DWORD = 1
This can be done either manually or by double clicking the file LRZ-skype.reg that was previously stored locally.
The entries in
had no effect in our tests.
We have blocked all UDP and almost all TCP packets that are sent by Skype with a personal firewall. TCP packets are also blocked because Skype simply switches to TCP after UDP is blocked. Skype functions in spite of this intervention, but your computer is no longer blocked, at least no longer because of Skype.
We used the Windows 7 Professional operating system and the on-board Windows Firewall for our tests. We have compiled the main points of the necessary configuration steps for this operating system:
Control Panel/Windows Firewall/Advanced Controls/Outbound Rules/New Rule
Rule Type Custom This program path Path_to_Skype\Skype.exe Protocol and ports Protocol type: UDP Local port: All Ports Remote port: All Ports Scope For which local IP addresses does this rule apply? Any IP address For which remote IP addresses does this rule apply? Any IP address Action Block the connection Profile Domain Private Public Name Skype-Bremse-UDP Description Prevents Skype UDP traffic Finish
Rule Type Custom This program path Path_to_Skype\Skype.exe Protocol and ports Protocol type: TCP Local port: All Ports Remote port: Specific Ports 1-79, 81-442, 444-65535 Scope For which local IP addresses does this rule apply? Any IP address For which remote IP addresses does this rule apply? Any IP address Action Block the connection Profile Domain Private Public Name Skype-Bremse-TCP Description Prevents Skype TCP traffic except for destination ports 80 and 443. Finish
Unfortunately, the Windows Vista operating system does not allow you to configure port ranges (such as 1 - 79), so that the TCP rule has to be left out. It is possible that the UDP rule is sufficient. It is worth trying.
If both solutions don't seem to succeed try to remove and reinstall Skype.
Mac OS X (updated 2015-07)
There is a solution with a third-party application firewall (subject to a charge): "Little Snitch". You can download a demo version that runs for three hours from the vendor (external link: http://www.obdev.at/products/littlesnitch/index.html)
For the Skype application you need to add the following rules:
- Allow outgoing TCP connections to port 80 (http)
- Allow outgoing TCP connections to port 443 (https)
- Deny all other outbound connections (TCP/UDP)
Use the sandbox built into Mac OS X (experienced users only)
The process was sucessfully tested with Mac OS X 10.7 (Lion), it should work with 10.6 (Snow Leopard) as well. Putting a program into a sandbox enables the user to control the program's access to system resources. In this case only UDP-network access will be blocked for Skype. You need a configuration file, where the rules for the sandbox will be defined. Copy this file to a local directory an name it e.g.
(local tcp "*:*")
(local udp "*:*")
(local udp "localhost:*")
(remote tcp "*:*")
(remote udp "localhost:*"))
Now you have to locate the path of the Skype-executable. If installed into the default directory, the path will be:
Use the following command (in one line) to start the sandboxed Skype Application:
sandbox-exec -f skype-no-udp.sb /Applications/Skype.app/Contents/MacOS/Skype
More detailed information on the German Version of this page.
No systematic solution is available yet.
Workaround: Use iptables/netfilter to block all UDP connections except for those that are absolutely necessary, such as DHCP, DNS, NTP, etc.
We would like to pass on to you several solutions in the web that users pointed out. These solutions have not been tested by us and therefore come without warranty or support: