Community discussions

 
aresmt
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 67
Joined: Fri Mar 28, 2014 12:10 am

block whatsapp OR permit only whatsapp

Sun Sep 07, 2014 1:31 am

Hi ,

I have an HotSpot configured on my RB2011UiAS-2HnD-IN

I am trying to create 4 user profiles.

One that will only have accesst to:

1. Wikipedia
2. Whatsapp +wikipedia
3. Whatsapp + facebook + wikipedia
4. No restrictions

My bigest issue is Whatsapp, i tried all kind of combination, firewall, proxy, ports, ips, nothing seems to work.

Can you please helpto block whatsapp?

Thanks in advance,
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2946
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: block whatsapp OR permit only whatsapp

Sun Sep 07, 2014 10:48 am

Hi ,

I have an HotSpot configured on my RB2011UiAS-2HnD-IN

I am trying to create 4 user profiles.

One that will only have accesst to:

1. Wikipedia
2. Whatsapp +wikipedia
3. Whatsapp + facebook + wikipedia
4. No restrictions

My bigest issue is Whatsapp, i tried all kind of combination, firewall, proxy, ports, ips, nothing seems to work.

Can you please helpto block whatsapp?

Thanks in advance,
Traduction:
0) Traffic on port 53 pass without restrictions.
1) If IP pool of user are from pool 1, block all IP except the address-list of IP pools assigned to Wikipedia
2) If IP pool of user are from pool 2, block all IP except the address-list of IP pools assigned to Wikipedia and Whatsapp
3) If IP pool of user are from pool 3, block all IP except the address-list of IP pools assigned to Wikipedia, whatsapp and Facebook
4) If IP pool of user are from pool 4, do nothing.

For know what are the list of all ip assigned to whatsapp, wikipedia and facebook, search on the ripe.net, arin.net apnic.net afrinic.net and lacnic.net
I'm Italian, not English. Sorry for my imperfect grammar.
 
aresmt
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 67
Joined: Fri Mar 28, 2014 12:10 am

Re: block whatsapp OR permit only whatsapp

Sun Sep 07, 2014 12:59 pm


Traduction:
0) Traffic on port 53 pass without restrictions.
1) If IP pool of user are from pool 1, block all IP except the address-list of IP pools assigned to Wikipedia
2) If IP pool of user are from pool 2, block all IP except the address-list of IP pools assigned to Wikipedia and Whatsapp
3) If IP pool of user are from pool 3, block all IP except the address-list of IP pools assigned to Wikipedia, whatsapp and Facebook
4) If IP pool of user are from pool 4, do nothing.

For know what are the list of all ip assigned to whatsapp, wikipedia and facebook, search on the ripe.net, arin.net apnic.net afrinic.net and lacnic.net

Hi,

That's was my initial idea. To create pools for every "package".

I don't see how can i block or permit services by IPs. IPs are changing, and even so, if they are using some kind of cloud, it will be almost impossible to block all the ips that they use or will use.

Is there any way to block by ports or domain or layer7?

Because my plan is to block everything what doesn't match.
example:
1. block everything what is not wikipedia)
2. block everything what is not wikipedia and whatsapp
.. and so on..

Thanks for your suggestions,
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2946
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: block whatsapp OR permit only whatsapp

Sun Sep 07, 2014 6:24 pm

... I don't see how can i block or permit services by IPs....
Read more carefully:
For know what are the list of all ip assigned to whatsapp, wikipedia and facebook, search on the ripe.net, arin.net apnic.net afrinic.net and lacnic.net
I'm Italian, not English. Sorry for my imperfect grammar.
 
aresmt
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 67
Joined: Fri Mar 28, 2014 12:10 am

Re: block whatsapp OR permit only whatsapp

Sun Sep 07, 2014 8:30 pm

... I don't see how can i block or permit services by IPs....
Read more carefully:
For know what are the list of all ip assigned to whatsapp, wikipedia and facebook, search on the ripe.net, arin.net apnic.net afrinic.net and lacnic.net
Please read hole sentence:
I don't see how can i block or permit services by IPs. IPs are changing, and even so, if they are using some kind of cloud, it will be almost impossible to block all the ips that they use or will use.

I don'twant to check dayli if the ips are different.
... and even so, do you know other method than block by ips? :)
 
aresmt
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 67
Joined: Fri Mar 28, 2014 12:10 am

Re: block whatsapp OR permit only whatsapp

Sun Sep 07, 2014 11:07 pm

Hi,

I tried with proxy.

Probably I am doing something workng, but the proxy is working randomly


 

 /ip proxy access> export
# sep/07/2014 21:03:44 by RouterOS 6.19
# software id = HK1L-HGDT
#
/ip proxy access
add action=deny dst-host=!:wikipedia src-address=10.0.0.0/19

wikipedia is working;
yahoo is working;
linkedin is working
other sites are working,
google is not working :)


any idea why is working randomly?

Thanks
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 2946
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: block whatsapp OR permit only whatsapp

Mon Sep 08, 2014 1:08 am

Please read this: "...all ip assigned..."

>>>IPs are changing
IP are depleted, I do not think are changing so easly...

>>>if they are using some kind of cloud...
If use cloud, can be used on another ip assigned, and is already knowed because is part of "...all ip assignd..."

>>>I don'twant to check dayli if the ips are different.
Is not needed.

2nd alternative:
resolve by dns the ip of facebook, Wikipedia, whatsapp and add it dinamically inside one addres list...
or use mikrotik as DNS proxy and permit all address containing on dns name the keyword Wikipedia, facebook or whatsapp.
I'm Italian, not English. Sorry for my imperfect grammar.
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: block whatsapp OR permit only whatsapp

Tue Sep 09, 2014 3:34 pm

proxy is good for non-ssl/tls http connections. SO, when you have something encrypted proxy will brake that. Or you have to use more advanced proxy solution that will support tls/ssl sessions over http.

if you go IP blocking path, you can work with both, as you are just blocking access to IP addresses.
 
User avatar
Takv
just joined
Posts: 24
Joined: Sun Apr 19, 2015 5:37 pm

Re: block whatsapp OR permit only whatsapp

Mon Apr 20, 2015 7:43 pm

Hi, you only need to make a address-list containing the folowing addresses:

(taken from www.whatsapp.com/cidr.txt)

31.13.69.240/32
31.13.70.49/32
31.13.71.49/32
31.13.73.49/32
31.13.74.49/32
31.13.76.81/32
31.13.77.49/32
50.22.75.192/27
50.22.93.192/27
50.22.198.204/30
50.22.210.32/30
50.22.210.128/27
50.22.225.64/27
50.22.235.248/30
50.22.240.160/27
50.23.90.128/27
50.97.57.128/27
75.126.39.32/27
108.168.174.0/27
108.168.176.192/26
108.168.177.0/27
108.168.180.96/27
108.168.254.65/32
108.168.255.224/32
108.168.255.227/32
158.85.0.96/27
158.85.5.192/27
158.85.46.128/27
158.85.48.224/27
158.85.58.0/25
158.85.61.192/27
158.85.224.160/27
158.85.233.32/27
158.85.249.128/27
158.85.249.224/27
158.85.254.64/27
169.53.29.128/27
169.53.250.128/26
169.54.2.160/27
169.54.210.0/27
169.54.222.128/27
173.192.162.32/27
173.192.219.128/27
173.192.222.160/27
173.192.231.32/27
173.193.205.0/27
173.193.230.96/27
173.193.230.128/27
173.193.230.192/27
173.193.239.0/27
174.36.208.128/27
174.36.210.32/27
174.36.251.192/27
174.37.199.192/27
174.37.217.64/27
174.37.231.64/27
174.37.243.64/27
174.37.251.0/27
184.173.73.176/28
184.173.136.64/27
184.173.147.32/27
184.173.161.64/32
184.173.161.160/27
184.173.173.116/32
184.173.179.32/27
184.173.195.32/27
184.173.201.32/27
184.173.204.32/27
192.155.212.192/27
198.11.193.182/31
198.11.212.0/27
198.11.217.192/27
198.11.251.32/27
198.23.80.0/27
198.23.86.224/27
198.23.87.64/27
208.43.115.192/27
208.43.117.79/32
208.43.117.136/32
208.43.122.128/27
2607:f0d0:1b01:d4::/64
2607:f0d0:3004:136::/64
2607:f0d0:3005:183::/64
2607:f0d0:3006:84::/64
2607:f0d0:3006:af::/64

Who is online

Users browsing this forum: Bing [Bot] and 9 guests