How to block WhatsApp from my router? I'm using OpenWrt 19.1.. I tried to add some WhatsApp host names to my iptables rules but it is not working. Every time WhatsApp starts it tries to send to a different destination address.
I found WhatsApp ports 5222, 5223, 443, 80, but blocking ports 443 and 80 will block all HTTPS and HTTP traffic. Any suggestions?
If the DNS names are completely random, you can't really do much about it.
There's however https://github.com/ukanth/afwall/wiki/HOWTO-blocking-WhatsApp, no idea how up to date it is.
The IPs mentioned in the list are old. I selected all the iptables IPs mentioned and it is not dropping. I'm seeing an IP range starting with 3.12..
@frollic, are you able to block via DNS?
I do not have the option via DNS. I added it in iptables but WhatsApp messages and calls are still going through.
Nope, I added the list of IPs posted by @pavelgl as an ipset.
Please share more info about ipset and how to fix this in the router.
search the forum for
luci ipset or
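For the ipset approach discussed above, an added example (not part of any post in this thread): a shell helper that turns a CIDR list, such as the ones linked here, into `ipset restore` input. The set name `wa_block` and the sample list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Set name and sample data are constructed.
SET_NAME="wa_block"   # hypothetical ipset name

# Constructed sample list (documentation ranges), with typical list noise.
sample_list() {
    cat <<'EOF'
# constructed sample
192.0.2.0/24
198.51.100.7   # single host
203.0.113.128/25
192.0.2.0/24
300.1.1.1/24
10.0.0.0/33
not-an-ip
EOF
}

# Read a CIDR list on stdin and print `ipset restore` input on stdout.
# Comments, blanks, duplicates and malformed IPv4 entries are dropped.
# A /0 prefix is rejected too: hash:net cannot store it.
build_ipset_restore() {
    awk -v name="$1" '
        function valid(cidr,    p, o, i, n) {
            n = split(cidr, p, "/")
            if (n > 2) return 0
            if (n == 2 && (p[2] !~ /^[0-9]+$/ || p[2] + 0 < 1 || p[2] + 0 > 32))
                return 0
            if (split(p[1], o, ".") != 4) return 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
            return 1
        }
        BEGIN { print "create " name " hash:net family inet" }
        {
            sub(/#.*/, ""); gsub(/[ \t\r]/, "")
            if ($0 == "") next
            if (!valid($0)) { print "skipped: " $0 > "/dev/stderr"; next }
            if (!seen[$0]++) print "add " name " " $0
        }'
}

# On the router (needs the ipset package and kmod-ipt-ipset):
#   build_ipset_restore "$SET_NAME" < whatsapp_cidr_ipv4.txt | ipset -exist restore
#   iptables -I FORWARD -m set --match-set "$SET_NAME" dst -j DROP
```

Re-run it whenever the source list changes, since the destination addresses reported in this thread drift over time.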
Since WhatsApp is owned by Facebook/Meta, their services seem to be quite tightly integrated, so blocking WhatsApp likely requires blocking Facebook:
Thank you @pavelgl @frollic @vgaetera, I am successfully able to block WhatsApp now.
Very strange, today I am running my router on a different ISP provider. I blocked all the WhatsApp IPs present in the https://github.com/HybridNetworks/whatsapp-cidr/blob/main/WhatsApp/whatsapp_cidr_ipv4.txt list.
Even after dropping all the IPs in the filter table, WhatsApp calls and messages are still working. tcpdump gave a new, different set of IPs: 188.8.131.52
Those IPs mostly match SecOps-Institute/FacebookIPLists owned by Facebook/Meta.
WhatsApp will be using a huge Content Delivery Network. I don't believe it is possible to block such a company with IP addresses or names alone; it would be an absolutely mammoth task. The best thing to do would be to use a public DNS service (maybe OpenDNS or similar) and block it through that. The other alternative would be to find some kind of script-based blocking service. The reason the destination IPs change is because WhatsApp is probably run on about 10,000 CDN servers.
Blocking hundreds of thousands is no problem these days even on consumer level hardware. Supporting a good quality blocklist is harder.
You're probably correct, but it's a lot more of a hassle trying to find the IP range of a company or that company's application than it used to be. They want everyone to use their apps so they are sneaky. Never trust a social media giant. They know what you're up to and keep changing the goalposts.
Just when you think you're winning they don't just move the goalposts, they move to a different pitch and score a million goals to your 10 before you even realise.