Block Facetime

Comments

26 comments

  • James Powell

    No one?

  • James Powell

    Can anyone help on this?

  • Firewalla

    Try to block port 5223 

    https://discussions.apple.com/thread/3354708

     

  • James Powell

    Hi @Firewalla

    I've blocked port 5223 permanently on my Apple devices and they remain able to FaceTime as normal.

  • James Willhoite

    I know it’s 2 months old, but you could just put the devices into a group and then turn the internet off at 11pm.....

    I know Messenger has a feature that does this for you. I use that with my daughter. It will not allow her to use Messenger from 8pm until 8am.

  • James Powell

    I might have to check iMessenger to see what I can find.

    The reason I wanted to use a block on Facetime/Messages only is because I was fine with them still playing their games and accessing Netflix, just not the chatting so late.

  • James Willhoite

    Try looking here

    https://support.apple.com/en-us/HT202078

    This is from Apple with what ports they use.

  • James Willhoite

    Also, the messenger I use is the messenger for kids. Look for “sleep mode”

  • James Powell

    Thanks for the help and input James. I did try blocking those ports listed, but I could still facetime and message just fine. 🤷‍♂️

    I'll have a look to pause them at the app level instead 👍

  • James Willhoite

    I just tried my daughter's phone. If you look at the history, the domains to block are

    edge-mqtt.facebook.com

    edge-chatt.facebook.com

    graph.facebook.com

    I blocked those, but they are still going through.

    Now if you block port 443 then it does not go through. But that will block all "Secure" websites at the same time.

    What about blocking "Social" from 11pm to 8am?

  • James Powell

    I don't think those hosts are anything Facetime or iMessenger uses.

    Blocking "Social" does not affect Facetime or iMessenger at all.

  • James Willhoite

    This is looking at just Facebook right now, not Apple.

  • James Willhoite

    I don't know if @Firewalla needs to look at it, but I blocked those domains I listed above and the "History" for the device shows that it was blocked, but the message came through.

    I can say that blocking port 443 did stop the Facebook Messenger app from sending or receiving messages, but it also blocks all secure websites at the same time.

  • James Powell

    Yeah, blocking 443 entirely will impact all sorts, so that won't be any good.

    I'm trying to block Apple's iMessenger and Facetime. Not Facebook 🙂

  • James Willhoite

    Sorry, I read iMessage as messenger above.

  • James Powell

    No problem, I appreciate the help!

  • James Willhoite

    I was successfully able to block iMessage by blocking the IP address range 17.57.144.0/24

    Now if this is a cell phone, then no matter what you do, the message will go through. iPhones are designed to get the message out, so if it can't go out via Wi-Fi, then it will send it via cellular, which will bypass the Firewalla. I had to turn my cellular off, and once I did and blocked that IP address range, the message could not go through.

     

    I have not tried FaceTime yet.

  • James Powell

    Thanks James, thanks for the update!

    I'll be keen to know how you get on with FaceTime, as that's a key one for me. Will try putting that range in a timed block.

    These are iPads so will have only the WiFi to get out.

  • James Willhoite

    It looks like that same IP address range will block FaceTime too. I tried it on my cell. Turned off the cell and tried to make a FaceTime call. It would not go out.

  • Shawn H

    Just keep in mind that blocking that IP address range will block almost all Apple services, so backups and such will not run either, and they usually run at night when plugged in.

  • James Willhoite

    This is true. While looking at the tcpdump, the iPhone cycled through quite a few IPs in that range trying to make the request. I'll have to see if I can track down the specific set of IPs.

  • James Powell

    Hmm.. okay. So blocking 17.57.144.0/24 on my Firewalla for the iPads does not stop them from using Facetime. Just been getting them to test for me and it didn't even skip a beat.

    I know blocking is working as such because if I block a URL that gets blocked as expected.

    Not sure what's occurring here.

  • James Willhoite

    I wonder if you are using a different set of IP addresses? I'm in TN and that is what I saw come up on my tcpdump.

    What Firewalla are you using? Red/Blue/Gold?

    Are you comfortable using the command line?

  • James Powell

    I'm using a Red, but I have Google WiFi so I'm running the Firewalla in DHCP mode as it was conflicting. Maybe that's related, although as I say regular URL and internet blocking works just fine.

    Happy to run a command line command if it will help me get to the bottom of it.

  • James Willhoite

    What I did was run a tcpdump.

    SSH into the Red.

    - have your iPad to test with and note the IP address of the iPad.
    - get the device connection (you can issue the command "route" and look for your subnet, i.e. 192.168.x.x; what I am looking for is something like eth0 or eth1, or it might be br0)
    - type in "sudo tcpdump -i br0 | grep 192.168.x.x"
      put your interface name in place of "br0" and then the IP of the iPad in place of the "192.168.x.x"

    *I'm not sure if you will have to put the interface name in though, since you only have one interface. I have the Gold, so it defaults to eth0, which is the WAN port. You could try without specifying an interface name (br0 or eth0).*

    You will start to see a lot of information in the output. I tested with iMessage first and only hit enter on the tcpdump command right before I hit send in iMessage. Once the message was sent and said "delivered", I would hit "Ctrl + C" to stop the tcpdump. Then I started looking at the IP addresses. I noticed that port 5223 was used during the exchange, but just blocking that port did nothing for me. The port is at the end of the IP address (17.57.144.36.5223).

    I blocked the IP address I saw, tried again, then saw that it does indeed block it, but another IP address came up, blocked that one too. After the 5th time I just blocked the range.

     

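The summary step of the tcpdump procedure above, as an added example that is not part of the original comment: rather than reading the capture by eye and blocking one address at a time, it groups the device's remote peers by /24 and port. It assumes `tcpdump -n` text output (numeric addresses, with the port after the last dot as in 17.57.144.36.5223); the function names and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: group the remote endpoints one device talked to by /24 and port.
# Input: text output of `tcpdump -n` (numeric addresses) on stdin.

summarize_peers() {  # usage: summarize_peers DEVICE_IP < capture.txt
    awk -v dev="$1" '
    # tcpdump prints IPv4 endpoints as a.b.c.d.port; split off the port.
    function parse(ep,    n, p) {
        sub(/:$/, "", ep)                            # destination ends with ":"
        n = split(ep, p, ".")
        if (n != 5 || p[5] !~ /^[0-9]+$/) return 0   # no port (ICMP) or a name
        ip   = p[1] "." p[2] "." p[3] "." p[4]
        net  = p[1] "." p[2] "." p[3] ".0/24"
        port = p[5]
        return 1
    }
    $2 == "IP" && $4 == ">" {
        if (!parse($3)) next
        sip = ip; snet = net; sport = port
        if (!parse($5)) next
        if (sip == dev)     { key = net " " port;   peer = ip }   # outbound
        else if (ip == dev) { key = snet " " sport; peer = sip }  # reply
        else next                                    # traffic of other devices
        pkts[key]++
        if (!((key, peer) in seen)) { seen[key, peer] = 1; hosts[key]++ }
    }
    # Columns: network, remote port, distinct remote hosts, packets.
    END { for (k in pkts) print k, hosts[k], pkts[k] }' | sort
}

# Constructed sample lines in tcpdump -n format (not a real capture).
sample_capture() {
    cat <<'EOF'
12:00:01.000001 IP 192.168.1.50.52344 > 17.57.144.36.5223: Flags [S], seq 1, win 65535, length 0
12:00:01.020002 IP 17.57.144.36.5223 > 192.168.1.50.52344: Flags [S.], seq 9, ack 2, win 65535, length 0
12:00:02.000003 IP 192.168.1.50.52350 > 17.57.144.52.5223: Flags [S], seq 5, win 65535, length 0
12:00:03.000004 IP 192.168.1.50.52360 > 203.0.113.10.443: Flags [S], seq 7, win 65535, length 0
12:00:03.500005 IP 192.168.1.77.40000 > 17.57.144.36.5223: Flags [S], seq 8, win 65535, length 0
12:00:04.000006 IP 192.168.1.50 > 192.168.1.1: ICMP echo request, id 1, seq 1, length 64
EOF
}

sample_capture | summarize_peers 192.168.1.50
```

For a live run, a bounded capture such as `sudo tcpdump -n -c 500 -i br0 host 192.168.x.x | summarize_peers 192.168.x.x` ends on its own, so the summary is printed. A row with several distinct hosts on one port shows the device rotating through addresses in a network, which is why single-address blocks kept being bypassed.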
  • Anthony G

    The Screen Time feature on their devices would be a great way to solve for this.
