Block Facetime
-
Try to block port 5223
https://discussions.apple.com/thread/3354708
-
Try looking here
https://support.apple.com/en-us/HT202078
This is from Apple with what ports they use.
-
I just tried my daughter's phone. If you look at the history the domains to block are
edge-mqtt.facebook.com
edge-chatt.facebook.com
graph.facebook.com
I blocked those, but they are still going through.
Now if you block port 443 then it does not go through. But that will block all "Secure" websites at the same time.
What about blocking "Social" from 11pm to 8am?
-
I don't know if @Firewalla needs to look at it, but I blocked those domains I listed above and the "History" for the device shows that it was blocked, but the message came through.
I can say, that blocking port 443 did stop the Facebook Messenger app from sending or receiving messages, but it also blocks all secure websites at the same time.
-
I was successfully able to block iMessage by blocking the IP address range 17.57.144.0/24
Now if this is a cell phone, then no matter what you do, the message will go through. iPhones are designed to get the message out, so if it can't go out via wifi, then it will send it via cellular which will bypass the Firewalla. I had to turn my cellular off and once I did and blocked that IP address range, the message could not go through.
I have not tried FaceTime yet.
-
Hmm.. okay. So blocking 17.57.144.0/24 on my Firewalla for the iPads does not stop them from using Facetime. Just been getting them to test for me and it didn't even skip a beat.
I know blocking is working as such because if I block a URL that gets blocked as expected.
Not sure what's occurring here.
-
What I did was run a tcpdump.
ssh into the Red.
- have your iPad to test with and note the IP address of the iPad.
- get the device connection (you can issue the command "route" and look for your subnet, i.e. 192.168.x.x; what I am looking for is something like eth0 or eth1 or it might be br0)
- type in "sudo tcpdump -i br0 | grep 192.168.x.x"
Put your interface name in place of "br0" and then the ip of the iPad in place of the "192.168.x.x". *I'm not sure if you will have to put the interface name in though since you only have one interface. I have the gold so it defaults to eth0 which is the WAN port. You could try without specifying an interface name (br0 or eth0).*
You will start to see a lot of information in the output. I tested with iMessage first and only hit enter on the tcpdump command right before I hit send in iMessage. Once the message was sent and says "delivered" I would hit "ctrl + c" to stop the tcpdump. Then started looking at the ip addresses. I noticed that the port 5223 was used during the exchange but just blocking that port did nothing for me. The port is at the end of the IP address (17.57.144.36.5223).
I blocked the IP address I saw, tried again, then saw that it does indeed block it, but another ip address came up, blocked that one too. After the 5th time I just blocked the range.
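
The capture-and-block loop described in the last post can be shortened by summarizing the capture per /24 and port instead of reading addresses one at a time. This is an added example, not part of the original thread. It assumes tcpdump was run with `-n` (numeric addresses and ports); the device address 192.168.1.50 and the sample lines are constructed, and only 17.57.144.36 and port 5223 come from the thread.

```shell
#!/bin/sh
# Added example: group one device's remote endpoints by /24 and port.
# Reads the text output of `tcpdump -n` on stdin; $1 is the device IP.
summarize_remotes() {
    awk -v dev="$1" '
    $2 == "IP" && $4 == ">" {
        src = $3; dst = $5; sub(/:$/, "", dst)
        # IPv4 endpoints look like a.b.c.d.port; skip ICMP, ARP and IPv6 lines
        if (split(src, s, ".") != 5 || split(dst, d, ".") != 5) next
        sip = s[1] "." s[2] "." s[3] "." s[4]
        dip = d[1] "." d[2] "." d[3] "." d[4]
        if (sip == dev)      { rip = dip; key = d[1] "." d[2] "." d[3] ".0/24 port " d[5] }
        else if (dip == dev) { rip = sip; key = s[1] "." s[2] "." s[3] ".0/24 port " s[5] }
        else next                       # traffic of some other device
        if (!((key, rip) in seen)) { seen[key, rip] = 1; hosts[key]++ }
        pkts[key]++
    }
    END { for (k in pkts) printf "%s hosts=%d packets=%d\n", k, hosts[k], pkts[k] }
    ' | sort
}

# Constructed sample capture (not real traffic) in tcpdump -n text format.
sample_capture() {
    cat <<'EOF'
12:00:01.000001 IP 192.168.1.50.49152 > 17.57.144.36.5223: Flags [P.], length 99
12:00:01.050000 IP 17.57.144.36.5223 > 192.168.1.50.49152: Flags [.], length 0
12:00:09.000000 IP 192.168.1.50.49153 > 17.57.144.52.5223: Flags [S], length 0
12:00:15.000000 IP 192.168.1.50.49154 > 17.57.144.84.5223: Flags [S], length 0
12:00:16.000000 IP 192.168.1.50.49155 > 203.0.113.10.443: Flags [S], length 0
12:00:17.000000 IP 192.168.1.77.50000 > 17.57.144.36.5223: Flags [S], length 0
12:00:18.000000 IP 192.168.1.50 > 203.0.113.10: ICMP echo request, id 1, seq 1, length 64
EOF
}

# Stand-alone run on the sample; on the box, pipe a real capture in instead.
sample_capture | summarize_remotes 192.168.1.50
```

Several hosts in the same /24 on one port is the pattern that led to blocking the whole range rather than single addresses.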