Blocking whatsapp

Hi ,

How to block whatsapp from my router i'm using openwrt 19.1.. I tried to add some whatsapp host name in my iptables rules but it is not working. Every time whatapp start it tried to send diff destiantion address.

I found whatsapp port 5222, 5223,443,80 but blocking port 443 and 80 will block all https and http traffic. Any suggestion

if the DNS names are completely random, you can't really do much about it.

there's however, no idea how up to date it is. this is outdated

based on ... ?

Ip mention in the list are old i selected all the iptables ips mention it is not dropping. Im seeing ip range start with 3.12..

i found this while pinging


This one works, just tried it, thnx @pavelgl.

1 Like

@frollic, you able to block via DNS ?
I do not have option via DNS . I added in iptables but sitll whatsapp messages and call going

nope, I added the list of IPs posted by @pavelgl as an ipset.

1 Like

please share more info about ipset how to fix this in router

search the forum for luci ipset or ipset iptables.


Since WhatsApp is owned by Facebook/Meta, their services seem to be quite tightly integrated, so blocking WhatsApp likely requires to block Facebook:


Thank you @pavelgl @frollic @vgaetera, successfully able to block whatsapp now

1 Like

Very strange today i running my router in different ISP provider. I blocked the whatsaapp all the ip present in list.

Even after dropping all the ips from filter table still whatsapp call and messages are working. tcpdump given new different set of Ips

Those IPs mostly match SecOps-Institute/FacebookIPLists owned by Facebook/Meta.

Whatsapp will be using a huge Content Delivery Network. I dont believe it is possible to block such a company with IP addresses or names alone, it would be an absolutely mammoth task. The best thing to do would be to use a public DNS service (maybe opendns or similar) and block it through that. The other alternative would be to find some kind of script based blocking service. The reason the destination IP's change is because whatsapp is probably run on about 10,000 CDN servers

Blocking hundreds of thousands is no problem these days even on consumer level hardware. Supporting a good quality blocklist is harder.

1 Like

You're probably correct but it's a lot more of a hassle trying to find the IP range of a company or that companies application than it used to be. They want everyone to use their apps so they are sneaky. Never trust a social media giant. They know what you're up to and keep changing the goalposts :rofl:
Just when you think you're winning they dont just move the goalposts, they move to a different pitch and score a million goals to your 10 before you even realise