I am using Skype but I am blocked - what can I do?

First install the latest Skype version and check if you are still blocked with it. Skype is updated very frequently. It is possible that the problem will disappear if you use the latest version.

Usually the block is triggered by UDP packets. There are various solutions for this problem, depending on the computer's operating system:

Windows 7, 8

Under Windows, two solutions have been successful:

  1. Using the registry editor (also via the group policy), Skype can be kept from either being a supernode or from generating UDP traffic (see http://download.skype.com/share/security/network-admin-guide-version2.2.pdf). You will need to make the following entries to the registry:

    HKEY_CURRENT_USER\Software\Policies\Skype\Phone, DisableUDP, REG_DWORD = 1
    HKEY_CURRENT_USER\Software\Policies\Skype\Phone, DisableSupernode, REG_DWORD = 1

    This can be done either manually or by double clicking the file LRZ-skype.reg that was previously stored locally.

    The entries in

    HKEY_CURRENT_USER\Software\Skype\Phone

    had no effect in our tests.

  2. We have blocked all UDP and almost all TCP packets that are sent by Skype with a personal firewall. TCP packets are also blocked because Skype simply switches to TCP after UDP is blocked. Skype functions in spite of this intervention, but your computer is no longer blocked, at least no longer because of Skype.
    We used the Windows 7 Professional operating system and the on-board Windows Firewall for our tests. We have compiled the main points of the necessary configuration steps for this operating system:


    Control Panel/Windows Firewall/Advanced Controls/Outbound Rules/New Rule

    Rule TypeCustom
    This program path Path_to_Skype\Skype.exe
    Protocol and ports Protocol type: UDP
      Local port: All Ports
      Remote port: All Ports
    Scope For which local IP addresses does this rule apply? Any IP address
      For which remote IP addresses does this rule apply? Any IP address
    Action Block the connection
    Profile Domain
      Private
      Public
    Name Skype-Bremse-UDP
    Description Prevents Skype UDP traffic
    Finish  

    New Rule

    Rule TypeCustom
    This program path Path_to_Skype\Skype.exe
    Protocol and ports Protocol type: TCP
      Local port: All Ports
      Remote port: Specific Ports
      1-79, 81-442, 444-65535
    Scope For which local IP addresses does this rule apply? Any IP address
      For which remote IP addresses does this rule apply? Any IP address
    Action Block the connection
    Profile Domain
      Private
      Public
    Name Skype-Bremse-TCP
    Description Prevents Skype TCP traffic except for destination ports 80 and 443.
    Finish  

    Unfortunately, the Windows Vista operating system does not allow you to configure port ranges (such as 1 - 79), so that the TCP rule has to be left out. It is possible that the UDP rule is sufficient. It is worth trying.

If both solutions don't seem to succeed try to remove and reinstall Skype.

Windows 10

Instruction follows.

Mac OS X (updated 2015-07)

  1. There is a solution with a third-party application firewall (subject to a charge): "Little Snitch". You can download a demo version that runs for three hours from the vendor (external link: http://www.obdev.at/products/littlesnitch/index.html)

    For the Skype application you need to add the following rules:

    • Allow outgoing TCP connections to port 80 (http)
    • Allow outgoing TCP connections to port 443 (https) 
    • Deny all other outbound connections (TCP/UDP)

  2. Use the sandbox built into Mac OS X (experienced users only)

    The process was sucessfully tested with Mac OS X 10.7 (Lion), it should work with 10.6 (Snow Leopard) as well. Putting a program into a sandbox enables the user to control the program's access to system resources. In this case only UDP-network access will be blocked for Skype. You need a configuration file, where the rules for the sandbox will be defined. Copy this file to a local directory an name it e.g. skype-no-upd.sb:

    (version 1)
    (allow network-inbound
           (local tcp "*:*")
           (local udp "*:*")
           (local udp "localhost:*")
    )
    (allow network-outbound
           (literal "/private/var/run/mDNSResponder")
           (remote tcp "*:*")
           (remote udp "localhost:*"))
    (allow default)
    ; all|allow

    Now you have to locate the path of the Skype-executable. If installed into the default directory, the path will be:/Applications/Skype.app/Contents/MacOS/Skype
    Use the following command (in one line) to start the sandboxed Skype Application:
    sandbox-exec -f skype-no-udp.sb /Applications/Skype.app/Contents/MacOS/Skype
    More detailed information on the German Version of this page.

Linux

No systematic solution is available yet.

Workaround: Use iptables/netfilter to block all UDP connections except for those that are absolutely necessary, such as DHCP, DNS, NTP, etc.

We would like to pass on to you several solutions in the web that users pointed out. These solutions have not been tested by us and therefore come without warranty or support:

http://permalink.gmane.org/gmane.org.freifunk.berlin/9527

http://www.vitavonni.de/blog/201107/2011072601-restricting-skype-via-iptables.html