block whatsapp OR permit only whatsapp

aresmt · September 6, 2014, 10:31pm

Hi ,

I have an HotSpot configured on my RB2011UiAS-2HnD-IN

I am trying to create 4 user profiles.

One that will only have accesst to:

Wikipedia
Whatsapp +wikipedia
Whatsapp + facebook + wikipedia
No restrictions

My bigest issue is Whatsapp, i tried all kind of combination, firewall, proxy, ports, ips, nothing seems to work.

Can you please helpto block whatsapp?

Thanks in advance,

rextended · September 7, 2014, 7:48am

Traduction:
0) Traffic on port 53 pass without restrictions.

If IP pool of user are from pool 1, block all IP except the address-list of IP pools assigned to Wikipedia
If IP pool of user are from pool 2, block all IP except the address-list of IP pools assigned to Wikipedia and Whatsapp
If IP pool of user are from pool 3, block all IP except the address-list of IP pools assigned to Wikipedia, whatsapp and Facebook
If IP pool of user are from pool 4, do nothing.

For know what are the list of all ip assigned to whatsapp, wikipedia and facebook, search on the ripe.net, arin.net apnic.net afrinic.net and lacnic.net

aresmt · September 7, 2014, 9:59am

Hi,

That’s was my initial idea. To create pools for every “package”.

I don’t see how can i block or permit services by IPs. IPs are changing, and even so, if they are using some kind of cloud, it will be almost impossible to block all the ips that they use or will use.

Is there any way to block by ports or domain or layer7?

Because my plan is to block everything what doesn’t match.
example:

block everything what is not wikipedia)
block everything what is not wikipedia and whatsapp
.. and so on..

Thanks for your suggestions,

rextended · September 7, 2014, 3:24pm

Read more carefully:

aresmt · September 7, 2014, 5:30pm

Please read hole sentence:
I don’t see how can i block or permit services by IPs. IPs are changing, and even so, if they are using some kind of cloud, it will be almost impossible to block all the ips that they use or will use.

I don’twant to check dayli if the ips are different.
… and even so, do you know other method than block by ips?

aresmt · September 7, 2014, 8:07pm

Hi,

I tried with proxy.

Probably I am doing something workng, but the proxy is working randomly

 

 /ip proxy access> export
# sep/07/2014 21:03:44 by RouterOS 6.19
# software id = HK1L-HGDT
#
/ip proxy access
add action=deny dst-host=!:wikipedia src-address=10.0.0.0/19

wikipedia is working;
yahoo is working;
linkedin is working
other sites are working,
google is not working

any idea why is working randomly?

Thanks

rextended · September 7, 2014, 10:08pm

Please read this: “…all ip assigned…”

IPs are changing
IP are depleted, I do not think are changing so easly…

if they are using some kind of cloud…
If use cloud, can be used on another ip assigned, and is already knowed because is part of “…all ip assignd…”

I don’twant to check dayli if the ips are different.
Is not needed.

2nd alternative:
resolve by dns the ip of facebook, Wikipedia, whatsapp and add it dinamically inside one addres list…
or use mikrotik as DNS proxy and permit all address containing on dns name the keyword Wikipedia, facebook or whatsapp.

janisk · September 9, 2014, 12:34pm

proxy is good for non-ssl/tls http connections. SO, when you have something encrypted proxy will brake that. Or you have to use more advanced proxy solution that will support tls/ssl sessions over http.

if you go IP blocking path, you can work with both, as you are just blocking access to IP addresses.

Takv · April 20, 2015, 4:43pm

Hi, you only need to make a address-list containing the folowing addresses:

(taken from www.whatsapp.com/cidr.txt)

31.13.69.240/32
31.13.70.49/32
31.13.71.49/32
31.13.73.49/32
31.13.74.49/32
31.13.76.81/32
31.13.77.49/32
50.22.75.192/27
50.22.93.192/27
50.22.198.204/30
50.22.210.32/30
50.22.210.128/27
50.22.225.64/27
50.22.235.248/30
50.22.240.160/27
50.23.90.128/27
50.97.57.128/27
75.126.39.32/27
108.168.174.0/27
108.168.176.192/26
108.168.177.0/27
108.168.180.96/27
108.168.254.65/32
108.168.255.224/32
108.168.255.227/32
158.85.0.96/27
158.85.5.192/27
158.85.46.128/27
158.85.48.224/27
158.85.58.0/25
158.85.61.192/27
158.85.224.160/27
158.85.233.32/27
158.85.249.128/27
158.85.249.224/27
158.85.254.64/27
169.53.29.128/27
169.53.250.128/26
169.54.2.160/27
169.54.210.0/27
169.54.222.128/27
173.192.162.32/27
173.192.219.128/27
173.192.222.160/27
173.192.231.32/27
173.193.205.0/27
173.193.230.96/27
173.193.230.128/27
173.193.230.192/27
173.193.239.0/27
174.36.208.128/27
174.36.210.32/27
174.36.251.192/27
174.37.199.192/27
174.37.217.64/27
174.37.231.64/27
174.37.243.64/27
174.37.251.0/27
184.173.73.176/28
184.173.136.64/27
184.173.147.32/27
184.173.161.64/32
184.173.161.160/27
184.173.173.116/32
184.173.179.32/27
184.173.195.32/27
184.173.201.32/27
184.173.204.32/27
192.155.212.192/27
198.11.193.182/31
198.11.212.0/27
198.11.217.192/27
198.11.251.32/27
198.23.80.0/27
198.23.86.224/27
198.23.87.64/27
208.43.115.192/27
208.43.117.79/32
208.43.117.136/32
208.43.122.128/27
2607:f0d0:1b01:d4::/64
2607:f0d0:3004:136::/64
2607:f0d0:3005:183::/64
2607:f0d0:3006:84::/64
2607:f0d0:3006:af::/64