Block Whatsapp

gmsaud · July 30, 2013, 1:28am

Could anyone help me how I can block whatsapp from Mikrotik router RB450G??

CameronE · July 31, 2013, 9:33am

Hard mode: Try using the packet sniffer on the router to find how whatsapp communicates and then block it with the firewall.

I haven’t used the packet sniffer on RouterOS, but looking at it quickly, I would set whatsapp up on a control device and then filter the packet sniffer on the interface you’re connecting to and the MAC address of your control device.

When you’re sniffing, start sending messages and making calls etc etc. That should give you enough information to block it through the firewall.

CameronE · August 1, 2013, 8:50am

BTW: easy mode would be to Google around and see if anyone else has done it. Sometimes publishers even have a write up on how to do so for school admins etc.

Ehman · September 11, 2013, 3:36pm

I’m looking for the same thing, I’ve noticed that it uses a bunch of IP’s and port 443 and maybe 5222

But I’m looking for a solution and haven’t found one yet, so have anyone found something yet?

Ehman · September 11, 2013, 3:55pm

http://rickey-g.blogspot.com/2011/05/whatsapp-connection-details.html

there’s some info on how to do something, but those IP’s aint the same then those that I saw on my log

deejayq · September 12, 2013, 7:03am

if the link you provided above is up to date, you could easily block packets sent to any dns server, which contain “sro.whatsapp.net”, by creating a layer-7 regexp.

Ehman · September 12, 2013, 8:41am

I’m having big issue’s with layer 7 on certain sites, the only site I can bock on layer 7 is facebook, everything else refuses to get blocked

I’ve managed to block whatsapp by range blocking the entire hosting company that they use, this is a aggressive and dirty method, but hey, It worked

firewall rule, drop 184.173.0.0/16 ..boom no SOFTLAYER anymore

https://isc.sans.edu/ipinfo.html?ip=184.173.0.0

deejayq · September 12, 2013, 10:22am

are you blocking dns requests too? or just trying regexp in blocking http traffic?

Ehman · September 12, 2013, 10:38am

can’t do that in my case, because I’m running a hotspot with free users and paid users on the same router with different subnets

You drop this is your terminal and whatsapp will be blocked and so will all the servers that belong to that IP range

/ip firewall filter
add action=drop chain=forward comment="Block Whatsapp" protocol=tcp src-address=184.173.0.0/16

I hope the rule works, I removed some stuff out of it

Rudios · September 13, 2013, 4:28pm

Ehman:

deejayq:

are you blocking dns requests too? or just trying regexp in blocking http traffic?

can’t do that in my case, because I’m running a hotspot with free users and paid users on the same router with different subnets

You drop this is your terminal and whatsapp will be blocked and so will all the servers that belong to that IP range
/ip firewall filter
add action=drop chain=forward comment="Block Whatsapp" protocol=tcp src-address=184.173.0.0/16
I hope the rule works, I removed some stuff out of it

Why dropping the packets that came from the servers (src-address) and not block traffic to the servers (dst-address)

Ehman · September 13, 2013, 5:50pm

forward rule on blocking source: 184.173.0.0/16 from destination: Address-list IP

so my method is wrong you say?

Rudios · September 13, 2013, 7:15pm

It is not really wrong. Maybe we’re both right 50%
Maybe it is best to block both ways. Block initiated connection from both inside and outside.

Ehman · September 13, 2013, 7:19pm

lol..you’ve got a point there , yea its probably better to block it both ways

EDIT: naah I’m sticking with my one way rule, just tested it again.. I doubt that the server will start the initiated connection with a device that cant even pass packets to the server in the first place.. So 100%..

Rudios · September 13, 2013, 7:47pm

I think server will initiate connection when a message is to be delivered.
Nevertheless communication back is indeed needed.

Takv · April 20, 2015, 4:42pm

Hi, you only need to make a address-list containing the folowing addresses:

(taken from www.whatsapp.com/cidr.txt)

31.13.69.240/32
31.13.70.49/32
31.13.71.49/32
31.13.73.49/32
31.13.74.49/32
31.13.76.81/32
31.13.77.49/32
50.22.75.192/27
50.22.93.192/27
50.22.198.204/30
50.22.210.32/30
50.22.210.128/27
50.22.225.64/27
50.22.235.248/30
50.22.240.160/27
50.23.90.128/27
50.97.57.128/27
75.126.39.32/27
108.168.174.0/27
108.168.176.192/26
108.168.177.0/27
108.168.180.96/27
108.168.254.65/32
108.168.255.224/32
108.168.255.227/32
158.85.0.96/27
158.85.5.192/27
158.85.46.128/27
158.85.48.224/27
158.85.58.0/25
158.85.61.192/27
158.85.224.160/27
158.85.233.32/27
158.85.249.128/27
158.85.249.224/27
158.85.254.64/27
169.53.29.128/27
169.53.250.128/26
169.54.2.160/27
169.54.210.0/27
169.54.222.128/27
173.192.162.32/27
173.192.219.128/27
173.192.222.160/27
173.192.231.32/27
173.193.205.0/27
173.193.230.96/27
173.193.230.128/27
173.193.230.192/27
173.193.239.0/27
174.36.208.128/27
174.36.210.32/27
174.36.251.192/27
174.37.199.192/27
174.37.217.64/27
174.37.231.64/27
174.37.243.64/27
174.37.251.0/27
184.173.73.176/28
184.173.136.64/27
184.173.147.32/27
184.173.161.64/32
184.173.161.160/27
184.173.173.116/32
184.173.179.32/27
184.173.195.32/27
184.173.201.32/27
184.173.204.32/27
192.155.212.192/27
198.11.193.182/31
198.11.212.0/27
198.11.217.192/27
198.11.251.32/27
198.23.80.0/27
198.23.86.224/27
198.23.87.64/27
208.43.115.192/27
208.43.117.79/32
208.43.117.136/32
208.43.122.128/27
2607:f0d0:1b01:d4::/64
2607:f0d0:3004:136::/64
2607:f0d0:3005:183::/64
2607:f0d0:3006:84::/64
2607:f0d0:3006:af::/64

loveman · September 17, 2015, 4:25pm

Takv:

Hi, you only need to make a address-list containing the folowing addresses:

(taken from http://www.whatsapp.com/cidr.txt)

31.13.69.240/32
31.13.70.49/32
31.13.71.49/32
31.13.73.49/32
31.13.74.49/32
31.13.76.81/32
31.13.77.49/32
50.22.75.192/27
50.22.93.192/27
50.22.198.204/30
50.22.210.32/30
50.22.210.128/27
50.22.225.64/27
50.22.235.248/30
50.22.240.160/27
50.23.90.128/27
50.97.57.128/27
75.126.39.32/27
108.168.174.0/27
108.168.176.192/26
108.168.177.0/27
108.168.180.96/27
108.168.254.65/32
108.168.255.224/32
108.168.255.227/32
158.85.0.96/27
158.85.5.192/27
158.85.46.128/27
158.85.48.224/27
158.85.58.0/25
158.85.61.192/27
158.85.224.160/27
158.85.233.32/27
158.85.249.128/27
158.85.249.224/27
158.85.254.64/27
169.53.29.128/27
169.53.250.128/26
169.54.2.160/27
169.54.210.0/27
169.54.222.128/27
173.192.162.32/27
173.192.219.128/27
173.192.222.160/27
173.192.231.32/27
173.193.205.0/27
173.193.230.96/27
173.193.230.128/27
173.193.230.192/27
173.193.239.0/27
174.36.208.128/27
174.36.210.32/27
174.36.251.192/27
174.37.199.192/27
174.37.217.64/27
174.37.231.64/27
174.37.243.64/27
174.37.251.0/27
184.173.73.176/28
184.173.136.64/27
184.173.147.32/27
184.173.161.64/32
184.173.161.160/27
184.173.173.116/32
184.173.179.32/27
184.173.195.32/27
184.173.201.32/27
184.173.204.32/27
192.155.212.192/27
198.11.193.182/31
198.11.212.0/27
198.11.217.192/27
198.11.251.32/27
198.23.80.0/27
198.23.86.224/27
198.23.87.64/27
208.43.115.192/27
208.43.117.79/32
208.43.117.136/32
208.43.122.128/27
2607:f0d0:1b01:d4::/64
2607:f0d0:3004:136::/64
2607:f0d0:3005:183::/64
2607:f0d0:3006:84::/64
2607:f0d0:3006:af::/64

are you tried this all ip range ?
blocked whatsapp or working ?

freemannnn · September 18, 2015, 6:28pm

Can i ask where did u find all these addresses?

Sent from my iPhone using Tapatalk

PeterDoBrasil · September 20, 2015, 3:56am

I have a very Powerfull Option for You! Add the following Script to the New Terminal, Mikrotik will create a New Scheduler and automatic put all Whatsapp DNS Entrys to the Firewall Address List !!

/system scheduler
add comment=“Whatsapp Blocker” interval=2m name=“Whatsapp Blocker” on-event=“#
_Use DNS Entrys and add Address to the Firewall Address-list #\r
\n:foreach i in=[/ip dns cache all find where (name~"whatsapp") && (type
="A") ] do={\r
\n :local tmpAddress [/ip dns cache get $i address];\r
\ndelay delay-time=10ms\r
\n# prevent script from using all cpu time #\r
\n :if ( [/ip firewall address-list find where address=$tmpAddress] =
"") do={ \r
\n :local cacheName [/ip dns cache get $i name] ;\r
\n :log info ("added entry: $cacheName $tmpAddress");\r
\n /ip firewall address-list add address=$tmpAddress list=Whatsapp co
mment=$cacheName;\r
\n}\r
\n}” policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive
start-time=startup

O.K ?
Now You must create a new Firewall Filter Rule to take effect!

/ip firewall filter add chain=forward action=drop dst-address-list=Whatsapp disabled=no comment=“Whatsapp Blocker”

When your Network is a Hotspot Network!

/ip firewall filter add chain=forward action=jump jump-target=hs_whatsapp_filter dst-address-list=Whatsapp comment=
"JUMP TO hs_whatsapp_filter " disabled=no
/ip firewall filter add chain=hs_whatsapp_filter action=drop comment=“ACTION = DROP WHATSAPP” disabled=no

You only must copy and past to your system, very easy and effectiv to do this!!!

loveman · September 24, 2015, 1:40pm

PeterDoBrasil:

I have a very Powerfull Option for You! Add the following Script to the New Terminal, Mikrotik will create a New Scheduler and automatic put all Whatsapp DNS Entrys to the Firewall Address List !!

/system scheduler
add comment=“Whatsapp Blocker” interval=2m name=“Whatsapp Blocker” on-event=“#
_Use DNS Entrys and add Address to the Firewall Address-list #\r
\n:foreach i in=[/ip dns cache all find where (name~"whatsapp") && (type
="A") ] do={\r
\n :local tmpAddress [/ip dns cache get $i address];\r
\ndelay delay-time=10ms\r
\n# prevent script from using all cpu time #\r
\n :if ( [/ip firewall address-list find where address=$tmpAddress] =
"") do={ \r
\n :local cacheName [/ip dns cache get $i name] ;\r
\n :log info ("added entry: $cacheName $tmpAddress");\r
\n /ip firewall address-list add address=$tmpAddress list=Whatsapp co
mment=$cacheName;\r
\n}\r
\n}” policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive
start-time=startup

O.K ?
Now You must create a new Firewall Filter Rule to take effect!

/ip firewall filter add chain=forward action=drop dst-address-list=Whatsapp disabled=no comment=“Whatsapp Blocker”

When your Network is a Hotspot Network!

/ip firewall filter add chain=forward action=jump jump-target=hs_whatsapp_filter dst-address-list=Whatsapp comment=
"JUMP TO hs_whatsapp_filter " disabled=no
/ip firewall filter add chain=hs_whatsapp_filter action=drop comment=“ACTION = DROP WHATSAPP” disabled=no

You only must copy and past to your system, very easy and effectiv to do this!!!

if I need not use hotspot

How can I complete this rule after
/ip firewall filter add chain=hs_whatsapp_filter action=drop comment=“ACTION = DROP WHATSAPP” disabled=no

PeterDoBrasil · October 7, 2015, 10:16am

You do not use Hotspot? Add this Firewall Filter!

/ip firewall filter add chain=forward action=drop dst-address-list=Whatsapp disabled=no comment=“Whatsapp Blocker”