Was messing around earlier with the latest version of PIX/ASA 7.2.2 OS
software, and noticed there are several canned inspection filters for
peer-to-peer and IM traffic, likewise you can do regexp matching on
headers and whatnot (as well as do custom ones) to inspect and kill
traffic at a more granular level than just filtering by port or whatnot.

Question is, has anyone played with this in any depth and have any
filters already that will block Skype and other common stuff that people
shouldn't be running without permission?

Yes, I'd rather ask vs going and doing it myself...if someone else has
already done it and is willing to share.
firewall-wizards mailing list