PfBlockerNG blocking Whatspp? (SOLVED)
So previously I have been able to block whatsapp using a trail/error method by having an iphone and using an APP called firewall IP. Then once whatsapp connects it shows me the IP it was connected from that I would use a ipv subnet calculator to block it. But recently seems that whatsapp stepped up there IPs.
Before it showed me IPs now it shows me dynamic dns but either way I open cmd and try to ping it which then it shows me the IP.
The issue is not sure if its pfBlockerNG is blocking or if the subnet calculator is wrong for ex:
e11.whatsapp.net –--- 18.104.22.168
on my ipv4 list i have 22.214.171.124/8 which it should be from 126.96.36.199 to 188.8.131.52 and im pretty sure that goes in that range
Or im open to suggestion if theres another way?
Whatsapp is in the Softlayer Network. So you won't be able to arbitrarily block ranges…
[Querying v4.whois.cymru.com] [v4.whois.cymru.com] AS | IP | AS Name 36351 | 184.108.40.206 | SOFTLAYER - SoftLayer Technologies Inc.,US
Did a quick google search and it looks like Whatsapp provides a complete IP address listing… You can probably just use that. Hope that helps.
Thank you for the reply,
So been at it for the past few days and not sure why.
So i added your list but heres the funny thing.
6.b1.a86c.ip4.static.sl-reverse.com is 220.127.116.11
on the rules i have 18.104.22.168/27 which is 22.214.171.124-126.96.36.199
On my computer I cannot ping it so in theory it is blocking
but for some odd reason I can connect to the whatsapp on the iphone not sure how its possible
Did you clear any open Firewall states to those IPs?
yep just reset all states and no luck :(
I remember i did this around last year, but i feel like they cranked up the IPs and now they seem to use dynamic DNS which is worse…but whats odd is that on my computer no ping but on the iphone it shows connected :o
now they seem to use dynamic DNS
What you tried should have worked. You could also try dns blocking. Add whatsapp.com and it's subdomains (https://pentest-tools.com/information-gathering/find-subdomains-of-domain) to DNSBL in pfblockerNG, and force clients to use pfSense as DNS server (https://doc.pfsense.org/index.php/Redirecting_all_DNS_Requests_to_pfSense)
Thanks for the reply. So this is what i tried nothing makes sense anymore :-\
Tried OpenDNS and it was working blocking the typical facebook then i went to navigate whatsapp.com also gets blocked but I connect my iphone immediately it connects to whatsapp. So failed miserably
Then tried DNSBL when I did the Enable Domain/AS check it and added the list from the site you sent me and nothing :( but whats odd it shows that it gets blocked on the logs of the firewall I have no clue what is whatsapp servers doing.
EDIT: BAM just blocked it it was using some IPs from amazon finally…. the whatsapp.txt has been updated I will keep it updated. I wonder how long until they update it :(