To enable for Internet chat I set up Google Chat and Skype. My firewall rules have been extremely restrictive with only known and approved services allowed to connect. Google Chat installed with no noticeable impact to the firewall. Things did not go so well with Skype.
The installation of Skype resulted in lots of warnings on the firewall. Outgoing tests worked with only port 80 and 443 open. Skype’s peer-to-peer approach requires at least one port be opened incoming and and a large range of ports outgoing. They specify all ports over 1024 should be open. Their preferred mode seems to be to use uPnP to dynamically modify the firewall. They do allow you to attempt to set fixed incoming port which is also used for some outgoing UDP traffic. Continue reading