Blocking whatsapp

Hi ,

How do I block WhatsApp from my router? I'm using OpenWrt 19.1.. I tried to add some WhatsApp host names to my iptables rules, but it is not working. Every time WhatsApp starts, it tries to send to a different destination address.

I found WhatsApp ports 5222, 5223, 443 and 80, but blocking ports 443 and 80 will block all HTTPS and HTTP traffic. Any suggestions?

if the DNS names are completely random, you can't really do much about it.

there's however https://github.com/ukanth/afwall/wiki/HOWTO-blocking-WhatsApp, no idea how up to date it is.

https://github.com/ukanth/afwall/wiki/HOWTO-blocking-WhatsApp this is outdated

based on ... ?

The IPs mentioned in the list are old. I selected all the iptables IPs mentioned and it is not dropping. I'm seeing an IP range starting with 3.12..

i found this while pinging ac9293e5fb5d2d1d2.awsglobalaccelerator.com

https://github.com/HybridNetworks/whatsapp-cidr

4 Likes

This one works, just tried it, thnx @pavelgl.

1 Like

@frollic, are you able to block via DNS?
I do not have the option via DNS. I added it in iptables, but WhatsApp messages and calls are still going through.

nope, I added the list of IPs posted by @pavelgl as an ipset.

1 Like

Please share more info about ipset and how to fix this in the router.

search the forum for luci ipset or ipset iptables.

2 Likes
5 Likes
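The ipset approach discussed above, as an added example that is not part of any post in this thread: it converts a CIDR list such as the one linked earlier into an `ipset restore` script and references the set from one iptables rule. The set name `wa_block`, the helper names and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build an `ipset restore` script from a CIDR list and
# reference the set from a single iptables rule.
SET_NAME="wa_block"   # hypothetical set name

# stdin: CIDR list (one entry per line, '#' comments allowed)
# stdout: ipset restore commands; malformed entries go to stderr.
cidr_to_restore() {
    awk -v set="$1" '
    BEGIN { print "create " set " hash:net family inet" }
    {
        sub(/#.*/, ""); gsub(/[ \t\r]/, "")
        if ($0 == "") next
        n = split($0, p, "/")
        ok = (n <= 2) && (split(p[1], o, /\./) == 4)
        for (i = 1; ok && i <= 4; i++)
            ok = (o[i] ~ /^[0-9]+$/) && (o[i] + 0 <= 255)
        # hash:net does not accept a /0 prefix
        if (ok && n == 2)
            ok = (p[2] ~ /^[0-9]+$/) && (p[2] + 0 >= 1) && (p[2] + 0 <= 32)
        if (!ok) print "skipped: " $0 > "/dev/stderr"
        else if (!seen[$0]++) print "add " set " " $0
    }'
}

# Run on the router as root: load the set, then add one REJECT rule for
# forwarded traffic whose destination is in the set (only if missing).
apply_block() {
    cidr_to_restore "$SET_NAME" < "$1" | ipset restore -exist || return 1
    iptables -C FORWARD -m set --match-set "$SET_NAME" dst -j REJECT 2>/dev/null ||
        iptables -I FORWARD -m set --match-set "$SET_NAME" dst -j REJECT
}

# Dry run on a constructed list (documentation ranges, not real WhatsApp ranges).
cidr_to_restore "$SET_NAME" <<'EOF'
# constructed sample
192.0.2.0/24
198.51.100.0/25   # trailing comment
192.0.2.0/24
203.0.113.7
not-an-ip/24
EOF
```

Call `apply_block /path/to/list.txt` on the router once the dry-run output looks right. On OpenWrt 19.x a firewall reload rebuilds the iptables rules, so the rule has to be re-added afterwards, for example from `/etc/firewall.user`.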

Thank you @pavelgl @frollic @vgaetera, I am now successfully able to block WhatsApp.

1 Like

Very strange: today I am running my router on a different ISP. I blocked all the WhatsApp IPs present in the https://github.com/HybridNetworks/whatsapp-cidr/blob/main/WhatsApp/whatsapp_cidr_ipv4.txt list.

Even after dropping all the IPs in the filter table, WhatsApp calls and messages are still working. tcpdump gave a new, different set of IPs:

157.240.192.50
157.240.242.62
31.13.79.52
163.70.139.62
157.240.192.50

Those IPs mostly match SecOps-Institute/FacebookIPLists.
Since WhatsApp is owned by Facebook/Meta, their services seem to be quite tightly integrated, so blocking WhatsApp likely requires blocking Facebook.
I updated the instructions on the wiki page linked above.

WhatsApp will be using a huge Content Delivery Network. I don't believe it is possible to block such a company with IP addresses or names alone; it would be an absolutely mammoth task. The best thing to do would be to use a public DNS service (maybe OpenDNS or similar) and block it through that. The other alternative would be to find some kind of script-based blocking service. The reason the destination IPs change is because WhatsApp is probably run on about 10,000 CDN servers.

Blocking hundreds of thousands is no problem these days even on consumer level hardware. Supporting a good quality blocklist is harder.

1 Like

You're probably correct, but it's a lot more of a hassle trying to find the IP range of a company or that company's application than it used to be. They want everyone to use their apps, so they are sneaky. Never trust a social media giant. They know what you're up to and keep changing the goalposts :rofl:
Just when you think you're winning, they don't just move the goalposts, they move to a different pitch and score a million goals to your 10 before you even realise.