Block Whatsapp

gmsaud · Tue Jul 30, 2013 4:28 am

Could anyone help me how I can block whatsapp from Mikrotik router RB450G??

CameronE · Wed Jul 31, 2013 12:33 pm

Hard mode: Try using the packet sniffer on the router to find how whatsapp communicates and then block it with the firewall.

I haven't used the packet sniffer on RouterOS, but looking at it quickly, I would set whatsapp up on a control device and then filter the packet sniffer on the interface you're connecting to and the MAC address of your control device.

When you're sniffing, start sending messages and making calls etc etc. That should give you enough information to block it through the firewall.

CameronE · Thu Aug 01, 2013 11:50 am

BTW: easy mode would be to Google around and see if anyone else has done it. Sometimes publishers even have a write up on how to do so for school admins etc.

Ehman · Wed Sep 11, 2013 6:36 pm

I'm looking for the same thing, I've noticed that it uses a bunch of IP's and port 443 and maybe 5222

But I'm looking for a solution and haven't found one yet, so have anyone found something yet?

Ehman · Wed Sep 11, 2013 6:55 pm

http://rickey-g.blogspot.com/2011/05/wh ... tails.html

there's some info on how to do something, but those IP's aint the same then those that I saw on my log

deejayq · Thu Sep 12, 2013 10:03 am

if the link you provided above is up to date, you could easily block packets sent to any dns server, which contain "sro.whatsapp.net", by creating a layer-7 regexp.

Ehman · Thu Sep 12, 2013 11:41 am

if the link you provided above is up to date, you could easily block packets sent to any dns server, which contain "sro.whatsapp.net", by creating a layer-7 regexp.

I'm having big issue's with layer 7 on certain sites, the only site I can bock on layer 7 is facebook, everything else refuses to get blocked

I've managed to block whatsapp by range blocking the entire hosting company that they use, this is a aggressive and dirty method, but hey, It worked

firewall rule, drop 184.173.0.0/16 ..boom no SOFTLAYER anymore

https://isc.sans.edu/ipinfo.html?ip=184.173.0.0

deejayq · Thu Sep 12, 2013 1:22 pm

are you blocking dns requests too? or just trying regexp in blocking http traffic?

Ehman · Thu Sep 12, 2013 1:38 pm

are you blocking dns requests too? or just trying regexp in blocking http traffic?

can't do that in my case, because I'm running a hotspot with free users and paid users on the same router with different subnets

You drop this is your terminal and whatsapp will be blocked and so will all the servers that belong to that IP range

/ip firewall filter
add action=drop chain=forward comment="Block Whatsapp" protocol=tcp src-address=184.173.0.0/16

I hope the rule works, I removed some stuff out of it

Rudios · Fri Sep 13, 2013 7:28 pm

are you blocking dns requests too? or just trying regexp in blocking http traffic?
can't do that in my case, because I'm running a hotspot with free users and paid users on the same router with different subnets

You drop this is your terminal and whatsapp will be blocked and so will all the servers that belong to that IP range
Code: Select all
/ip firewall filter
add action=drop chain=forward comment="Block Whatsapp" protocol=tcp src-address=184.173.0.0/16
I hope the rule works, I removed some stuff out of it

Why dropping the packets that came from the servers (src-address) and not block traffic to the servers (dst-address)

Ehman · Fri Sep 13, 2013 8:50 pm

forward rule on blocking source: 184.173.0.0/16 from destination: Address-list IP

so my method is wrong you say?

Rudios · Fri Sep 13, 2013 10:15 pm

It is not really wrong. Maybe we're both right 50%
Maybe it is best to block both ways. Block initiated connection from both inside and outside.

Ehman · Fri Sep 13, 2013 10:19 pm

It is not really wrong. Maybe we're both right 50%
Maybe it is best to block both ways. Block initiated connection from both inside and outside.

lol..you've got a point there

, yea its probably better to block it both ways

EDIT: naah I'm sticking with my one way rule, just tested it again.. I doubt that the server will start the initiated connection with a device that cant even pass packets to the server in the first place.. So 100%..

Rudios · Fri Sep 13, 2013 10:47 pm

I think server will initiate connection when a message is to be delivered.
Nevertheless communication back is indeed needed.

Takv · Mon Apr 20, 2015 7:42 pm

Hi, you only need to make a address-list containing the folowing addresses:

(taken from www.whatsapp.com/cidr.txt)

31.13.69.240/32
31.13.70.49/32
31.13.71.49/32
31.13.73.49/32
31.13.74.49/32
31.13.76.81/32
31.13.77.49/32
50.22.75.192/27
50.22.93.192/27
50.22.198.204/30
50.22.210.32/30
50.22.210.128/27
50.22.225.64/27
50.22.235.248/30
50.22.240.160/27
50.23.90.128/27
50.97.57.128/27
75.126.39.32/27
108.168.174.0/27
108.168.176.192/26
108.168.177.0/27
108.168.180.96/27
108.168.254.65/32
108.168.255.224/32
108.168.255.227/32
158.85.0.96/27
158.85.5.192/27
158.85.46.128/27
158.85.48.224/27
158.85.58.0/25
158.85.61.192/27
158.85.224.160/27
158.85.233.32/27
158.85.249.128/27
158.85.249.224/27
158.85.254.64/27
169.53.29.128/27
169.53.250.128/26
169.54.2.160/27
169.54.210.0/27
169.54.222.128/27
173.192.162.32/27
173.192.219.128/27
173.192.222.160/27
173.192.231.32/27
173.193.205.0/27
173.193.230.96/27
173.193.230.128/27
173.193.230.192/27
173.193.239.0/27
174.36.208.128/27
174.36.210.32/27
174.36.251.192/27
174.37.199.192/27
174.37.217.64/27
174.37.231.64/27
174.37.243.64/27
174.37.251.0/27
184.173.73.176/28
184.173.136.64/27
184.173.147.32/27
184.173.161.64/32
184.173.161.160/27
184.173.173.116/32
184.173.179.32/27
184.173.195.32/27
184.173.201.32/27
184.173.204.32/27
192.155.212.192/27
198.11.193.182/31
198.11.212.0/27
198.11.217.192/27
198.11.251.32/27
198.23.80.0/27
198.23.86.224/27
198.23.87.64/27
208.43.115.192/27
208.43.117.79/32
208.43.117.136/32
208.43.122.128/27
2607:f0d0:1b01:d4::/64
2607:f0d0:3004:136::/64
2607:f0d0:3005:183::/64
2607:f0d0:3006:84::/64
2607:f0d0:3006:af::/64

loveman · Thu Sep 17, 2015 7:25 pm

Hi, you only need to make a address-list containing the folowing addresses:

(taken from http://www.whatsapp.com/cidr.txt)

31.13.69.240/32
31.13.70.49/32
31.13.71.49/32
31.13.73.49/32
31.13.74.49/32
31.13.76.81/32
31.13.77.49/32
50.22.75.192/27
50.22.93.192/27
50.22.198.204/30
50.22.210.32/30
50.22.210.128/27
50.22.225.64/27
50.22.235.248/30
50.22.240.160/27
50.23.90.128/27
50.97.57.128/27
75.126.39.32/27
108.168.174.0/27
108.168.176.192/26
108.168.177.0/27
108.168.180.96/27
108.168.254.65/32
108.168.255.224/32
108.168.255.227/32
158.85.0.96/27
158.85.5.192/27
158.85.46.128/27
158.85.48.224/27
158.85.58.0/25
158.85.61.192/27
158.85.224.160/27
158.85.233.32/27
158.85.249.128/27
158.85.249.224/27
158.85.254.64/27
169.53.29.128/27
169.53.250.128/26
169.54.2.160/27
169.54.210.0/27
169.54.222.128/27
173.192.162.32/27
173.192.219.128/27
173.192.222.160/27
173.192.231.32/27
173.193.205.0/27
173.193.230.96/27
173.193.230.128/27
173.193.230.192/27
173.193.239.0/27
174.36.208.128/27
174.36.210.32/27
174.36.251.192/27
174.37.199.192/27
174.37.217.64/27
174.37.231.64/27
174.37.243.64/27
174.37.251.0/27
184.173.73.176/28
184.173.136.64/27
184.173.147.32/27
184.173.161.64/32
184.173.161.160/27
184.173.173.116/32
184.173.179.32/27
184.173.195.32/27
184.173.201.32/27
184.173.204.32/27
192.155.212.192/27
198.11.193.182/31
198.11.212.0/27
198.11.217.192/27
198.11.251.32/27
198.23.80.0/27
198.23.86.224/27
198.23.87.64/27
208.43.115.192/27
208.43.117.79/32
208.43.117.136/32
208.43.122.128/27
2607:f0d0:1b01:d4::/64
2607:f0d0:3004:136::/64
2607:f0d0:3005:183::/64
2607:f0d0:3006:84::/64
2607:f0d0:3006:af::/64

are you tried this all ip range ?
blocked whatsapp or working ?

freemannnn · Fri Sep 18, 2015 9:28 pm

Can i ask where did u find all these addresses?

Sent from my iPhone using Tapatalk

PeterDoBrasil · Sun Sep 20, 2015 6:56 am

I have a very Powerfull Option for You! Add the following Script to the New Terminal, Mikrotik will create a New Scheduler and automatic put all Whatsapp DNS Entrys to the Firewall Address List !!

/system scheduler
add comment="Whatsapp Blocker" interval=2m name="Whatsapp Blocker" on-event="#\
\_Use DNS Entrys and add Address to the Firewall Address-list #\r\
\n:foreach i in=[/ip dns cache all find where (name~\"whatsapp\") && (type\
=\"A\") ] do={\r\
\n :local tmpAddress [/ip dns cache get \$i address];\r\
\ndelay delay-time=10ms\r\
\n# prevent script from using all cpu time #\r\
\n :if ( [/ip firewall address-list find where address=\$tmpAddress] = \
\"\") do={ \r\
\n :local cacheName [/ip dns cache get \$i name] ;\r\
\n :log info (\"added entry: \$cacheName \$tmpAddress\");\r\
\n /ip firewall address-list add address=\$tmpAddress list=Whatsapp co\
mment=\$cacheName;\r\
\n}\r\
\n}" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive \
start-time=startup

O.K ?
Now You must create a new Firewall Filter Rule to take effect!

/ip firewall filter add chain=forward action=drop dst-address-list=Whatsapp disabled=no comment="Whatsapp Blocker"

When your Network is a Hotspot Network!

/ip firewall filter add chain=forward action=jump jump-target=hs_whatsapp_filter dst-address-list=Whatsapp comment=\
"JUMP TO hs_whatsapp_filter " disabled=no
/ip firewall filter add chain=hs_whatsapp_filter action=drop comment="ACTION = DROP WHATSAPP" disabled=no

You only must copy and past to your system, very easy and effectiv to do this!!!!!!!!!!!!!!!

loveman · Thu Sep 24, 2015 4:40 pm

I have a very Powerfull Option for You! Add the following Script to the New Terminal, Mikrotik will create a New Scheduler and automatic put all Whatsapp DNS Entrys to the Firewall Address List !!

/system scheduler
add comment="Whatsapp Blocker" interval=2m name="Whatsapp Blocker" on-event="#\
\_Use DNS Entrys and add Address to the Firewall Address-list #\r\
\n:foreach i in=[/ip dns cache all find where (name~\"whatsapp\") && (type\
=\"A\") ] do={\r\
\n :local tmpAddress [/ip dns cache get \$i address];\r\
\ndelay delay-time=10ms\r\
\n# prevent script from using all cpu time #\r\
\n :if ( [/ip firewall address-list find where address=\$tmpAddress] = \
\"\") do={ \r\
\n :local cacheName [/ip dns cache get \$i name] ;\r\
\n :log info (\"added entry: \$cacheName \$tmpAddress\");\r\
\n /ip firewall address-list add address=\$tmpAddress list=Whatsapp co\
mment=\$cacheName;\r\
\n}\r\
\n}" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive \
start-time=startup

O.K ?
Now You must create a new Firewall Filter Rule to take effect!

/ip firewall filter add chain=forward action=drop dst-address-list=Whatsapp disabled=no comment="Whatsapp Blocker"

When your Network is a Hotspot Network!

/ip firewall filter add chain=forward action=jump jump-target=hs_whatsapp_filter dst-address-list=Whatsapp comment=\
"JUMP TO hs_whatsapp_filter " disabled=no
/ip firewall filter add chain=hs_whatsapp_filter action=drop comment="ACTION = DROP WHATSAPP" disabled=no

You only must copy and past to your system, very easy and effectiv to do this!!!!!!!!!!!!!!!

if I need not use hotspot

How can I complete this rule after
/ip firewall filter add chain=hs_whatsapp_filter action=drop comment="ACTION = DROP WHATSAPP" disabled=no

PeterDoBrasil · Wed Oct 07, 2015 1:16 pm

You do not use Hotspot? Add this Firewall Filter!

/ip firewall filter add chain=forward action=drop dst-address-list=Whatsapp disabled=no comment="Whatsapp Blocker"

PeterDoBrasil · Wed Oct 07, 2015 1:25 pm

# Copy and Paste the above to WinBox New Terminal #

/system scheduler
add comment="Whatsapp Blocker" interval=2m name="Whatsapp Blocker" on-event="#\
\_Use DNS Entrys and add Address to the Firewall Address-list #\r\
\n:foreach i in=[/ip dns cache all find where (name~\"whatsapp\") && (type\
=\"A\") ] do={\r\
\n :local tmpAddress [/ip dns cache get \$i address];\r\
\ndelay delay-time=10ms\r\
\n# prevent script from using all cpu time #\r\
\n :if ( [/ip firewall address-list find where address=\$tmpAddress] = \
\"\") do={ \r\
\n :local cacheName [/ip dns cache get \$i name] ;\r\
\n :log info (\"added entry: \$cacheName \$tmpAddress\");\r\
\n /ip firewall address-list add address=\$tmpAddress list=Whatsapp co\
mment=\$cacheName;\r\
\n}\r\
\n}" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive \
start-time=startup

/ip firewall filter add chain=forward action=drop dst-address-list=Whatsapp disabled=no comment="Whatsapp Blocker"

loveman · Wed Oct 07, 2015 10:19 pm

# Copy and Paste the above to WinBox New Terminal #

/system scheduler
add comment="Whatsapp Blocker" interval=2m name="Whatsapp Blocker" on-event="#\
\_Use DNS Entrys and add Address to the Firewall Address-list #\r\
\n:foreach i in=[/ip dns cache all find where (name~\"whatsapp\") && (type\
=\"A\") ] do={\r\
\n :local tmpAddress [/ip dns cache get \$i address];\r\
\ndelay delay-time=10ms\r\
\n# prevent script from using all cpu time #\r\
\n :if ( [/ip firewall address-list find where address=\$tmpAddress] = \
\"\") do={ \r\
\n :local cacheName [/ip dns cache get \$i name] ;\r\
\n :log info (\"added entry: \$cacheName \$tmpAddress\");\r\
\n /ip firewall address-list add address=\$tmpAddress list=Whatsapp co\
mment=\$cacheName;\r\
\n}\r\
\n}" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive \
start-time=startup

/ip firewall filter add chain=forward action=drop dst-address-list=Whatsapp disabled=no comment="Whatsapp Blocker"

I need to ask you if you tried this method?
your method is true working (blocked whatsapp) or not working the whatsapp will working without drop
because on this time i don't try , later i will try
i wait your answer for method drop whatsapp or no
Thank you

PeterDoBrasil · Fri Oct 16, 2015 2:12 am

For me It works very well! Drop whatsapp is not dificult!

loveman · Fri Oct 16, 2015 2:51 am

For me It works very well! Drop whatsapp is not dificult!

Thats right
Good for you.
Whats you using to drop it,,?
Only schedule?

PeterDoBrasil · Fri Oct 16, 2015 3:16 pm

/ip firewall filter add chain=forward protocol=tcp action=drop dst-address-list=Whatsapp disabled=no comment="Whatsapp Blocker"

without schedule, use this firewall filter rule
set your IP DNS to static!
set your DHCP server Network dns-server field to your Lan address, in my case 10.63.240.1 !!

Fri Oct 16, 2015 8:21 pm

im curious
whats your motivation to block whats app??

loveman · Fri Oct 16, 2015 10:39 pm

im curious
whats your motivation to block whats app??

Our company need to block app..

Fri Oct 16, 2015 11:23 pm

im curious
whats your motivation to block whats app??
Our company need to block app..

ok then why your company need to block app??

loveman · Sat Oct 17, 2015 9:47 am

im curious
whats your motivation to block whats app??
Our company need to block app..

ok then why your company need to block app??

Do not wish for this program so it is blocked.
I need to block program for computer
You know "connectify hotspot" how can block.

enggheisar · Mon Oct 19, 2015 3:33 pm

you can see http://www.imfirewall.us/ to find all of the regular expression
example for viber : ^.*viber\.com$.
/ip firewall layer7-protocol add comment="" name=viber regexp="^^.*viber\.com$"

loveman · Tue Oct 20, 2015 7:52 pm

you can see http://www.imfirewall.us/ to find all of the regular expression
example for viber : ^.*viber\.com$.
/ip firewall layer7-protocol add comment="" name=viber regexp="^^.*viber\.com$"

Thank you
In website i am not see filter for mikrotik..
Your method block viber,,!!
From where you have?
Plz i want all layer 7
I wait you

PeterDoBrasil · Tue Nov 03, 2015 3:14 am

# IMPORTANT ! THIS SCRIPT ONLY WORKS WITH STATIC DNS CONFIGURATION #
# if you use the dhcp-client, go to and uncheck the field ,, use-peer-dns"#
# then go to ip dns and set your static dns server #
# 208.67.222.222, 208.67.220.220, Open DNS #
# Whatsapp Finder Script RouterOS v6.33rc33 #
# This here is the Version for New Terminal #
# add to Scheduler and run with Time Interval 00:01:00 #
{
# STEP 1 set your prefered List Name here or leave it as it is #
:global lst "Whatsapp";
# Use DNS Entrys and add dst Address to the Firewall Address-list #
:foreach i in=[/ip dns cache all find where (name~"whatsapp" || name~"whatscom") && (type="A") ] do={
:local tmpAddress [/ip dns cache get $i address];
delay delay-time=10ms
# prevent script from using all cpu time #
:if ( [/ip firewall address-list find where address=$tmpAddress] = "") do={
:local cacheName [/ip dns cache get $i name] ;
:log info ("added entry: $cacheName $tmpAddress");
/ip firewall address-list add address=$tmpAddress list="$lst" comment=$cacheName;
}
}
}

# Whatsapp Blocker RouterOS v6.33rc33 #
# This here is the Version for New Terminal #
# add to Scheduler and run with Time Interval 01:00:00 #
{
# STEP 2 set your in-interface here #
:local iif "bridge";
# STEP 3 set your jump target name for fw-mangle here, the same name will be the new chain or leave it as it is #
:local jt "whatsapp_mangle";
# STEP 4 set your jump rule comment here or leave it as it is #
:local jtc "Jump to Whatsapp Chain";
# STEP 5 set dst-address-here, you must get the same name which from STEP 1 or leave it as it is #
:local dal "Whatsapp";
# STEP 6 set your new-connection-mark name here or leave it as it is #
:local ncm "whats_con";
# STEP 7 determine the size in bytes here, connection is determined as valid after reaching size #
:local size "100";
# STEP 8 set your prefered connection-mark comment here or leave it as it is #
:local cmc "Whatsapp Connection";
# STEP 9 set your prefered src-address-list Name here or leave it as it is, this list will display your client IP addresses #
:local sal "Whatsapp User";
# STEP 10 set your prefered add-src-to-address-list comment here or leave it as it is #
:local sl "Whatsapp Add Src to Address List";
# STEP 11 set your own comment for drop rule, after reached Limit of STEP 7 the Malware connection will be closed #
:local mwc "Drop Whatsapp Con";
# STEP 12 set your jump target name for fw-filter here, the same name will be the new chain or leave it as it is #
:local fwf "whatsapp_chain";
# DO NOT EDIT NOTHING BELOW, THIS CAN BREAK THE SCRIPT !!! #
:log warning ("Removing old Mangle=$jtc " . "Mangle=$cmc " . "Mangle=$sl " . "and Filter $jtc " . "else $mwc");
:put ("Removing old Mangle=$jtc " . "Mangle=$cmc " . "Mangle=$sl " . "and Filter $jtc " . "else $mwc");
/ip firewall mangle remove [ find comment="$jtc" ];
/ip firewall mangle remove [ find comment="$cmc" ];
/ip firewall mangle remove [ find comment="$sl" ];
/ip firewall filter remove [ find comment="$jtc" ];
/ip firewall filter remove [ find comment="$mwc" ];
:log warning ("Adding new Mangle=$jtc " . "Mangle=$cmc " . "Mangle=$sl " . "and Filter $jtc " . "else $mwc");
:put ("Adding new Mangle=$jtc " . "Mangle=$cmc " . "Mangle=$sl " . "and Filter $jtc " . "else $mwc");
/ip firewall mangle
add chain="forward" protocol=tcp in-interface=$iif action=jump jump-target="$jt" comment="$jtc"
add chain="$jt" protocol=tcp in-interface=$iif connection-state=established,new dst-address-list="$dal" \
action=mark-connection new-connection-mark="$ncm" connection-bytes="$size-0" passthrough=yes comment="$cmc"
add chain="$jt" dst-address-list="$dal" action=add-src-to-address-list address-list="$sal" address-list-timeout=6h \
connection-mark="$ncm" comment="$sl"
/ip firewall filter
add chain=forward protocol=tcp in-interface=$iif connection-mark="$ncm" action=jump jump-target="$fwf" comment="$jtc"
add chain="$fwf" protocol=tcp dst-port=80 connection-mark="$ncm" action=drop dst-address-list="$dal" src-address-list="$sal" comment="$mwc"
add chain="$fwf" protocol=tcp dst-port=443 connection-mark="$ncm" action=drop dst-address-list="$dal" src-address-list="$sal" comment="$mwc"
add chain="$fwf" protocol=tcp dst-port=5222-5228 connection-mark="$ncm" action=drop dst-address-list="$dal" src-address-list="$sal" comment="$mwc"
}

loveman · Tue Nov 03, 2015 1:54 pm

# IMPORTANT ! THIS SCRIPT ONLY WORKS WITH STATIC DNS CONFIGURATION #
# if you use the dhcp-client, go to and uncheck the field ,, use-peer-dns"#
# then go to ip dns and set your static dns server #
# 208.67.222.222, 208.67.220.220, Open DNS #
# Whatsapp Finder Script RouterOS v6.33rc33 #
# This here is the Version for New Terminal #
# add to Scheduler and run with Time Interval 00:01:00 #
{
# STEP 1 set your prefered List Name here or leave it as it is #
:global lst "Whatsapp";
# Use DNS Entrys and add dst Address to the Firewall Address-list #
:foreach i in=[/ip dns cache all find where (name~"whatsapp" || name~"whatscom") && (type="A") ] do={
:local tmpAddress [/ip dns cache get $i address];
delay delay-time=10ms
# prevent script from using all cpu time #
:if ( [/ip firewall address-list find where address=$tmpAddress] = "") do={
:local cacheName [/ip dns cache get $i name] ;
:log info ("added entry: $cacheName $tmpAddress");
/ip firewall address-list add address=$tmpAddress list="$lst" comment=$cacheName;
}
}
}

# Whatsapp Blocker RouterOS v6.33rc33 #
# This here is the Version for New Terminal #
# add to Scheduler and run with Time Interval 01:00:00 #
{
# STEP 2 set your in-interface here #
:local iif "bridge";
# STEP 3 set your jump target name for fw-mangle here, the same name will be the new chain or leave it as it is #
:local jt "whatsapp_mangle";
# STEP 4 set your jump rule comment here or leave it as it is #
:local jtc "Jump to Whatsapp Chain";
# STEP 5 set dst-address-here, you must get the same name which from STEP 1 or leave it as it is #
:local dal "Whatsapp";
# STEP 6 set your new-connection-mark name here or leave it as it is #
:local ncm "whats_con";
# STEP 7 determine the size in bytes here, connection is determined as valid after reaching size #
:local size "100";
# STEP 8 set your prefered connection-mark comment here or leave it as it is #
:local cmc "Whatsapp Connection";
# STEP 9 set your prefered src-address-list Name here or leave it as it is, this list will display your client IP addresses #
:local sal "Whatsapp User";
# STEP 10 set your prefered add-src-to-address-list comment here or leave it as it is #
:local sl "Whatsapp Add Src to Address List";
# STEP 11 set your own comment for drop rule, after reached Limit of STEP 7 the Malware connection will be closed #
:local mwc "Drop Whatsapp Con";
# STEP 12 set your jump target name for fw-filter here, the same name will be the new chain or leave it as it is #
:local fwf "whatsapp_chain";
# DO NOT EDIT NOTHING BELOW, THIS CAN BREAK THE SCRIPT !!! #
:log warning ("Removing old Mangle=$jtc " . "Mangle=$cmc " . "Mangle=$sl " . "and Filter $jtc " . "else $mwc");
:put ("Removing old Mangle=$jtc " . "Mangle=$cmc " . "Mangle=$sl " . "and Filter $jtc " . "else $mwc");
/ip firewall mangle remove [ find comment="$jtc" ];
/ip firewall mangle remove [ find comment="$cmc" ];
/ip firewall mangle remove [ find comment="$sl" ];
/ip firewall filter remove [ find comment="$jtc" ];
/ip firewall filter remove [ find comment="$mwc" ];
:log warning ("Adding new Mangle=$jtc " . "Mangle=$cmc " . "Mangle=$sl " . "and Filter $jtc " . "else $mwc");
:put ("Adding new Mangle=$jtc " . "Mangle=$cmc " . "Mangle=$sl " . "and Filter $jtc " . "else $mwc");
/ip firewall mangle
add chain="forward" protocol=tcp in-interface=$iif action=jump jump-target="$jt" comment="$jtc"
add chain="$jt" protocol=tcp in-interface=$iif connection-state=established,new dst-address-list="$dal" \
action=mark-connection new-connection-mark="$ncm" connection-bytes="$size-0" passthrough=yes comment="$cmc"
add chain="$jt" dst-address-list="$dal" action=add-src-to-address-list address-list="$sal" address-list-timeout=6h \
connection-mark="$ncm" comment="$sl"
/ip firewall filter
add chain=forward protocol=tcp in-interface=$iif connection-mark="$ncm" action=jump jump-target="$fwf" comment="$jtc"
add chain="$fwf" protocol=tcp dst-port=80 connection-mark="$ncm" action=drop dst-address-list="$dal" src-address-list="$sal" comment="$mwc"
add chain="$fwf" protocol=tcp dst-port=443 connection-mark="$ncm" action=drop dst-address-list="$dal" src-address-list="$sal" comment="$mwc"
add chain="$fwf" protocol=tcp dst-port=5222-5228 connection-mark="$ncm" action=drop dst-address-list="$dal" src-address-list="$sal" comment="$mwc"
}

Your method
Whats you can block only whatsapp?

PeterDoBrasil · Tue Nov 03, 2015 10:10 pm

You can Block what you need to Block, only edit the Script!

loveman · Fri Nov 06, 2015 11:26 pm

You can Block what you need to Block, only edit the Script!

I need to block "Viber" application for call,, how can i edit our your method

PeterDoBrasil · Fri Nov 06, 2015 11:32 pm

What is Viber my Friend ???

loveman · Fri Nov 06, 2015 11:38 pm

What is Viber my Friend ???

Viber is application call for smart phone, Looks like skype,Tango.. Etc
Thank you

PeterDoBrasil · Sat Nov 07, 2015 5:21 am

loveman · Sat Nov 07, 2015 7:24 am

test

Ok,, i will test soon,,
But i have other program,, that program working on computer,,
Name of program "connectify hotspot" meaning sharing the line of internet in computer,
When you setup in pc,, the computer change to router..
I need to block it?

MohamedHassan · Mon Dec 28, 2015 5:09 pm

You can review this explanation
http://www.3bkryshbkaat.com/2015/12/blog-post.html

PeterDoBrasil · Tue Jan 05, 2016 2:12 am

hablasip · Sun Mar 13, 2016 6:08 pm

I have a very Powerfull Option for You! Add the following Script to the New Terminal, Mikrotik will create a New Scheduler and automatic put all Whatsapp DNS Entrys to the Firewall Address List !!

/system scheduler
add comment="Whatsapp Blocker" interval=2m name="Whatsapp Blocker" on-event="#\
\_Use DNS Entrys and add Address to the Firewall Address-list #\r\
\n:foreach i in=[/ip dns cache all find where (name~\"whatsapp\") && (type\
=\"A\") ] do={\r\
\n :local tmpAddress [/ip dns cache get \$i address];\r\
\ndelay delay-time=10ms\r\
\n# prevent script from using all cpu time #\r\
\n :if ( [/ip firewall address-list find where address=\$tmpAddress] = \
\"\") do={ \r\
\n :local cacheName [/ip dns cache get \$i name] ;\r\
\n :log info (\"added entry: \$cacheName \$tmpAddress\");\r\
\n /ip firewall address-list add address=\$tmpAddress list=Whatsapp co\
mment=\$cacheName;\r\
\n}\r\
\n}" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive \
start-time=startup

O.K ?
Now You must create a new Firewall Filter Rule to take effect!

/ip firewall filter add chain=forward action=drop dst-address-list=Whatsapp disabled=no comment="Whatsapp Blocker"

When your Network is a Hotspot Network!

/ip firewall filter add chain=forward action=jump jump-target=hs_whatsapp_filter dst-address-list=Whatsapp comment=\
"JUMP TO hs_whatsapp_filter " disabled=no
/ip firewall filter add chain=hs_whatsapp_filter action=drop comment="ACTION = DROP WHATSAPP" disabled=no

You only must copy and past to your system, very easy and effectiv to do this!!!!!!!!!!!!!!!

Hello PeterDoBrasil,

I am using this Script but en v6.34.1 sometimes work, but sometimes not,
i am using scheduler interval=1m, DNS static #208.67.222.222, 208.67.220.220,

Coud you tell me where is my error.

Thanks so much.

wcsnet · Sun Mar 13, 2016 9:58 pm

I have had great sucess with blocking all sorts of things useing dns, for whatsapp i have a script that adds all ip found in the dns cashe to a address list abvously my script is dynamic and can do this for anything

Zorro · Mon Mar 14, 2016 1:48 am

I have had great sucess with blocking all sorts of things useing dns, for whatsapp i have a script that adds all ip found in the dns cashe to a address list abvously my script is dynamic and can do this for anything

isn't that simply put DNS static override and blocking DNS bypassing/sneaking ?

Mon Mar 14, 2016 2:01 am

I have had great sucess with blocking all sorts of things useing dns, for whatsapp i have a script that adds all ip found in the dns cashe to a address list abvously my script is dynamic and can do this for anything

agree

opendns can help a lot too as a compliment

wcsnet · Mon Mar 14, 2016 7:36 am

I have had great sucess with blocking all sorts of things useing dns, for whatsapp i have a script that adds all ip found in the dns cashe to a address list abvously my script is dynamic and can do this for anything
isn't that simply put DNS static override and blocking DNS bypassing/sneaking ?

Well i fore users to a specific dns so no dns override

PeterDoBrasil · Wed Mar 16, 2016 1:56 am

I have a very Powerfull Option for You! Add the following Script to the New Terminal, Mikrotik will create a New Scheduler and automatic put all Whatsapp DNS Entrys to the Firewall Address List !!

/system scheduler
add comment="Whatsapp Blocker" interval=2m name="Whatsapp Blocker" on-event="#\
\_Use DNS Entrys and add Address to the Firewall Address-list #\r\
\n:foreach i in=[/ip dns cache all find where (name~\"whatsapp\") && (type\
=\"A\") ] do={\r\
\n :local tmpAddress [/ip dns cache get \$i address];\r\
\ndelay delay-time=10ms\r\
\n# prevent script from using all cpu time #\r\
\n :if ( [/ip firewall address-list find where address=\$tmpAddress] = \
\"\") do={ \r\
\n :local cacheName [/ip dns cache get \$i name] ;\r\
\n :log info (\"added entry: \$cacheName \$tmpAddress\");\r\
\n /ip firewall address-list add address=\$tmpAddress list=Whatsapp co\
mment=\$cacheName;\r\
\n}\r\
\n}" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive \
start-time=startup

O.K ?
Now You must create a new Firewall Filter Rule to take effect!

/ip firewall filter add chain=forward action=drop dst-address-list=Whatsapp disabled=no comment="Whatsapp Blocker"

When your Network is a Hotspot Network!

/ip firewall filter add chain=forward action=jump jump-target=hs_whatsapp_filter dst-address-list=Whatsapp comment=\
"JUMP TO hs_whatsapp_filter " disabled=no
/ip firewall filter add chain=hs_whatsapp_filter action=drop comment="ACTION = DROP WHATSAPP" disabled=no

You only must copy and past to your system, very easy and effectiv to do this!!!!!!!!!!!!!!!
Hello PeterDoBrasil,

I am using this Script but en v6.34.1 sometimes work, but sometimes not,
i am using scheduler interval=1m, DNS static #208.67.222.222, 208.67.220.220,

Coud you tell me where is my error.

Thanks so much.

Have you find any in Logs? Google DNS is much faster 8.8.8.8,8.8.4.4

imtiazahmed · Tue Mar 22, 2016 6:49 am

Hi, Thanks for very valuable information available here. Although I have not tried yet but sure that it will work.

One very basis query : Do RB750Gr2 support these filters. and secondly I can use it with any DSL provided by ISP in routing mode.?

Regards

Tue Mar 22, 2016 11:55 am

Hi, Thanks for very valuable information available here. Although I have not tried yet but sure that it will work.

One very basis query : Do RB750Gr2 support these filters. and secondly I can use it with any DSL provided by ISP in routing mode.?

Regards

yes and yes

imtiazahmed · Wed Mar 23, 2016 10:13 am

means no need to turn DSL into bridge mode.? then how filters will be applied on users direct connected to NAT ports of DSL router.

munkitkat · Wed Mar 23, 2016 1:01 pm

It is not really wrong. Maybe we're both right 50%
Maybe it is best to block both ways. Block initiated connection from both inside and outside.

tfj88 · Tue Apr 26, 2016 9:33 am

How to setup a script to add all list in firewall filter ??

Hi, you only need to make a address-list containing the folowing addresses:

(taken from http://www.whatsapp.com/cidr.txt)

31.13.69.240/32
31.13.70.49/32
31.13.71.49/32
31.13.73.49/32
31.13.74.49/32
31.13.76.81/32
31.13.77.49/32
50.22.75.192/27
50.22.93.192/27
50.22.198.204/30
50.22.210.32/30
50.22.210.128/27
50.22.225.64/27
50.22.235.248/30
50.22.240.160/27
50.23.90.128/27
50.97.57.128/27
75.126.39.32/27
108.168.174.0/27
108.168.176.192/26
108.168.177.0/27
108.168.180.96/27
108.168.254.65/32
108.168.255.224/32
108.168.255.227/32
158.85.0.96/27
158.85.5.192/27
158.85.46.128/27
158.85.48.224/27
158.85.58.0/25
158.85.61.192/27
158.85.224.160/27
158.85.233.32/27
158.85.249.128/27
158.85.249.224/27
158.85.254.64/27
169.53.29.128/27
169.53.250.128/26
169.54.2.160/27
169.54.210.0/27
169.54.222.128/27
173.192.162.32/27
173.192.219.128/27
173.192.222.160/27
173.192.231.32/27
173.193.205.0/27
173.193.230.96/27
173.193.230.128/27
173.193.230.192/27
173.193.239.0/27
174.36.208.128/27
174.36.210.32/27
174.36.251.192/27
174.37.199.192/27
174.37.217.64/27
174.37.231.64/27
174.37.243.64/27
174.37.251.0/27
184.173.73.176/28
184.173.136.64/27
184.173.147.32/27
184.173.161.64/32
184.173.161.160/27
184.173.173.116/32
184.173.179.32/27
184.173.195.32/27
184.173.201.32/27
184.173.204.32/27
192.155.212.192/27
198.11.193.182/31
198.11.212.0/27
198.11.217.192/27
198.11.251.32/27
198.23.80.0/27
198.23.86.224/27
198.23.87.64/27
208.43.115.192/27
208.43.117.79/32
208.43.117.136/32
208.43.122.128/27
2607:f0d0:1b01:d4::/64
2607:f0d0:3004:136::/64
2607:f0d0:3005:183::/64
2607:f0d0:3006:84::/64
2607:f0d0:3006:af::/64

TomosRider · Tue Apr 26, 2016 10:12 am

Hard mode: Try using the packet sniffer on the router to find how whatsapp communicates and then block it with the firewall.

I haven't used the packet sniffer on RouterOS, but looking at it quickly, I would set whatsapp up on a control device and then filter the packet sniffer on the interface you're connecting to and the MAC address of your control device.

When you're sniffing, start sending messages and making calls etc etc. That should give you enough information to block it through the firewall.

This guy....love it!

PeterDoBrasil · Wed Apr 27, 2016 1:46 am

# Try my Whatsapp Blocker Script #

# IMPORTANT ! THIS SCRIPT ONLY WORKS WITH STATIC DNS CONFIGURATION #
# if you use the dhcp-client, go to and uncheck the field ,, use-peer-dns"#
# then go to ip dns and set your static dns server #
# 8.8.8.8 or 8.8.4.4 , Google DNS #
# Whatsapp Finder Script RouterOS v6.33rc33 #
# This here is the Version for New Terminal #
# add to Scheduler and run with Time Interval 00:01:00 #
{
# STEP 1 set your prefered List Name here or leave it as it is #
:global lst "Whatsapp";
# Use DNS Entrys and add dst Address to the Firewall Address-list #
:foreach i in=[/ip dns cache all find where (name~"whatsapp" || name~"whatscom") && (type="A") ] do={
:local tmpAddress [/ip dns cache get $i address];
delay delay-time=10ms
# prevent script from using all cpu time #
:if ( [/ip firewall address-list find where address=$tmpAddress] = "") do={
:local cacheName [/ip dns cache get $i name] ;
:log info ("added entry: $cacheName $tmpAddress");
/ip firewall address-list add address=$tmpAddress list="$lst" comment=$cacheName;
}
}
}

# Whatsapp Blocker RouterOS v6.33rc33 #
# This here is the Version for New Terminal #
# add to Scheduler and run with Time Interval 01:00:00 #
{
# STEP 2 set your in-interface here #
:local iif "bridge";
# STEP 3 set your jump target name for fw-mangle here, the same name will be the new chain or leave it as it is #
:local jt "whatsapp_mangle";
# STEP 4 set your jump rule comment here or leave it as it is #
:local jtc "Jump to Whatsapp Chain";
# STEP 5 set dst-address-here, you must get the same name which from STEP 1 or leave it as it is #
:local dal "Whatsapp";
# STEP 6 set your new-connection-mark name here or leave it as it is #
:local ncm "whats_con";
# STEP 7 determine the size in bytes here, connection is determined as valid after reaching size #
:local size "100";
# STEP 8 set your prefered connection-mark comment here or leave it as it is #
:local cmc "Whatsapp Connection";
# STEP 9 set your prefered src-address-list Name here or leave it as it is, this list will display your client IP addresses #
:local sal "Whatsapp User";
# STEP 10 set your prefered add-src-to-address-list comment here or leave it as it is #
:local sl "Whatsapp Add Src to Address List";
# STEP 11 set your own comment for drop rule, after reached Limit of STEP 7 the Malware connection will be closed #
:local mwc "Drop Whatsapp Con";
# STEP 12 set your jump target name for fw-filter here, the same name will be the new chain or leave it as it is #
:local fwf "whatsapp_chain";
# DO NOT EDIT NOTHING BELOW, THIS CAN BREAK THE SCRIPT !!! #
:log warning ("Removing old Mangle=$jtc " . "Mangle=$cmc " . "Mangle=$sl " . "and Filter $jtc " . "else $mwc");
:put ("Removing old Mangle=$jtc " . "Mangle=$cmc " . "Mangle=$sl " . "and Filter $jtc " . "else $mwc");
/ip firewall mangle remove [ find comment="$jtc" ];
/ip firewall mangle remove [ find comment="$cmc" ];
/ip firewall mangle remove [ find comment="$sl" ];
/ip firewall filter remove [ find comment="$jtc" ];
/ip firewall filter remove [ find comment="$mwc" ];
:log warning ("Adding new Mangle=$jtc " . "Mangle=$cmc " . "Mangle=$sl " . "and Filter $jtc " . "else $mwc");
:put ("Adding new Mangle=$jtc " . "Mangle=$cmc " . "Mangle=$sl " . "and Filter $jtc " . "else $mwc");
/ip firewall mangle
add chain="forward" protocol=tcp in-interface=$iif action=jump jump-target="$jt" comment="$jtc"
add chain="$jt" protocol=tcp in-interface=$iif connection-state=established,new dst-address-list="$dal" \
action=mark-connection new-connection-mark="$ncm" connection-bytes="$size-0" passthrough=yes comment="$cmc"
add chain="$jt" dst-address-list="$dal" action=add-src-to-address-list address-list="$sal" address-list-timeout=6h \
connection-mark="$ncm" comment="$sl"
/ip firewall filter
add chain=forward protocol=tcp in-interface=$iif connection-mark="$ncm" action=jump jump-target="$fwf" comment="$jtc"
add chain="$fwf" protocol=tcp dst-port=80 connection-mark="$ncm" action=drop dst-address-list="$dal" src-address-list="$sal" comment="$mwc"
add chain="$fwf" protocol=tcp dst-port=443 connection-mark="$ncm" action=drop dst-address-list="$dal" src-address-list="$sal" comment="$mwc"
add chain="$fwf" protocol=tcp dst-port=5222-5228 connection-mark="$ncm" action=drop dst-address-list="$dal" src-address-list="$sal" comment="$mwc"
}

Zorro · Thu Apr 28, 2016 6:21 pm

means no need to turn DSL into bridge mode.? then how filters will be applied on users direct connected to NAT ports of DSL router.

all consumers - connect to DNS-resolved resources.
which in turn thanks to static DNS override and DNS bypassing/forwarding blocking combo - ensure that Nobody can access something w/o 3rd party DNS-alike service/replacement(from host-files to various "services", like used in darknet or by govt spies and various p2p/adhoc replacements for DNS(with or witout "DNS Sub" to mimic it in deployment).

loveman · Sat May 07, 2016 11:12 am

# Copy and Paste the above to WinBox New Terminal #

/system scheduler
add comment="Whatsapp Blocker" interval=2m name="Whatsapp Blocker" on-event="#\
\_Use DNS Entrys and add Address to the Firewall Address-list #\r\
\n:foreach i in=[/ip dns cache all find where (name~\"whatsapp\") && (type\
=\"A\") ] do={\r\
\n :local tmpAddress [/ip dns cache get \$i address];\r\
\ndelay delay-time=10ms\r\
\n# prevent script from using all cpu time #\r\
\n :if ( [/ip firewall address-list find where address=\$tmpAddress] = \
\"\") do={ \r\
\n :local cacheName [/ip dns cache get \$i name] ;\r\
\n :log info (\"added entry: \$cacheName \$tmpAddress\");\r\
\n /ip firewall address-list add address=\$tmpAddress list=Whatsapp co\
mment=\$cacheName;\r\
\n}\r\
\n}" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive \
start-time=startup

/ip firewall filter add chain=forward action=drop dst-address-list=Whatsapp disabled=no comment="Whatsapp Blocker"

Thanks
what you mean that
interval=2m in /system scheduler ?

interval=2m ????

PeterDoBrasil · Sun May 08, 2016 2:59 am

yes, interval 2 minutes

loveman · Tue May 10, 2016 11:08 pm

yes, interval 2 minutes

Whats difference between interval 2 m
Or change to equal interval 10 m?

PeterDoBrasil · Fri May 13, 2016 3:02 am

you can set your prefered interval time, I think when you set menor interval time the script works better in the first hours

Takv · Sat Oct 29, 2016 1:23 am

Hi, you only need to make a address-list containing the folowing addresses:

(taken from http://www.whatsapp.com/cidr.txt)

31.13.69.240/32
31.13.70.49/32
31.13.71.49/32
31.13.73.49/32
31.13.74.49/32
31.13.76.81/32
31.13.77.49/32
50.22.75.192/27
50.22.93.192/27
50.22.198.204/30
50.22.210.32/30
50.22.210.128/27
50.22.225.64/27
50.22.235.248/30
50.22.240.160/27
50.23.90.128/27
50.97.57.128/27
75.126.39.32/27
108.168.174.0/27
108.168.176.192/26
108.168.177.0/27
108.168.180.96/27
108.168.254.65/32
108.168.255.224/32
108.168.255.227/32
158.85.0.96/27
158.85.5.192/27
158.85.46.128/27
158.85.48.224/27
158.85.58.0/25
158.85.61.192/27
158.85.224.160/27
158.85.233.32/27
158.85.249.128/27
158.85.249.224/27
158.85.254.64/27
169.53.29.128/27
169.53.250.128/26
169.54.2.160/27
169.54.210.0/27
169.54.222.128/27
173.192.162.32/27
173.192.219.128/27
173.192.222.160/27
173.192.231.32/27
173.193.205.0/27
173.193.230.96/27
173.193.230.128/27
173.193.230.192/27
173.193.239.0/27
174.36.208.128/27
174.36.210.32/27
174.36.251.192/27
174.37.199.192/27
174.37.217.64/27
174.37.231.64/27
174.37.243.64/27
174.37.251.0/27
184.173.73.176/28
184.173.136.64/27
184.173.147.32/27
184.173.161.64/32
184.173.161.160/27
184.173.173.116/32
184.173.179.32/27
184.173.195.32/27
184.173.201.32/27
184.173.204.32/27
192.155.212.192/27
198.11.193.182/31
198.11.212.0/27
198.11.217.192/27
198.11.251.32/27
198.23.80.0/27
198.23.86.224/27
198.23.87.64/27
208.43.115.192/27
208.43.117.79/32
208.43.117.136/32
208.43.122.128/27
2607:f0d0:1b01:d4::/64
2607:f0d0:3004:136::/64
2607:f0d0:3005:183::/64
2607:f0d0:3006:84::/64
2607:f0d0:3006:af::/64
are you tried this all ip range ?
blocked whatsapp or working ?

From Whatsapp cidr...

Always works, both to QoS or block it

Cheers.

loveman · Sat Nov 05, 2016 11:55 pm

Hi, you only need to make a address-list containing the folowing addresses:

(taken from http://www.whatsapp.com/cidr.txt)

31.13.69.240/32
31.13.70.49/32
31.13.71.49/32
31.13.73.49/32
31.13.74.49/32
31.13.76.81/32
31.13.77.49/32
50.22.75.192/27
50.22.93.192/27
50.22.198.204/30
50.22.210.32/30
50.22.210.128/27
50.22.225.64/27
50.22.235.248/30
50.22.240.160/27
50.23.90.128/27
50.97.57.128/27
75.126.39.32/27
108.168.174.0/27
108.168.176.192/26
108.168.177.0/27
108.168.180.96/27
108.168.254.65/32
108.168.255.224/32
108.168.255.227/32
158.85.0.96/27
158.85.5.192/27
158.85.46.128/27
158.85.48.224/27
158.85.58.0/25
158.85.61.192/27
158.85.224.160/27
158.85.233.32/27
158.85.249.128/27
158.85.249.224/27
158.85.254.64/27
169.53.29.128/27
169.53.250.128/26
169.54.2.160/27
169.54.210.0/27
169.54.222.128/27
173.192.162.32/27
173.192.219.128/27
173.192.222.160/27
173.192.231.32/27
173.193.205.0/27
173.193.230.96/27
173.193.230.128/27
173.193.230.192/27
173.193.239.0/27
174.36.208.128/27
174.36.210.32/27
174.36.251.192/27
174.37.199.192/27
174.37.217.64/27
174.37.231.64/27
174.37.243.64/27
174.37.251.0/27
184.173.73.176/28
184.173.136.64/27
184.173.147.32/27
184.173.161.64/32
184.173.161.160/27
184.173.173.116/32
184.173.179.32/27
184.173.195.32/27
184.173.201.32/27
184.173.204.32/27
192.155.212.192/27
198.11.193.182/31
198.11.212.0/27
198.11.217.192/27
198.11.251.32/27
198.23.80.0/27
198.23.86.224/27
198.23.87.64/27
208.43.115.192/27
208.43.117.79/32
208.43.117.136/32
208.43.122.128/27
2607:f0d0:1b01:d4::/64
2607:f0d0:3004:136::/64
2607:f0d0:3005:183::/64
2607:f0d0:3006:84::/64
2607:f0d0:3006:af::/64
are you tried this all ip range ?
blocked whatsapp or working ?
From Whatsapp cidr...

Always works, both to QoS or block it

Cheers.

Ok
Any idea to block psiphon vpn program?

Who is online