Blocking WhatsApp and other IM traffic

In my office, I have set up a Linux machine as a router that provides internet connectivity to all clients. Behind this Linux router I have set up a Cisco wireless router, with which I have made internet connectivity available to the mobile phones of some employees in my office.

Now I want to block access to WhatsApp and other IM services (WeChat, Line). Is it possible to block these Android applications using iptables?


Solution 1:

It looks like this application has been designed to try and avoid being blocked.

You could block this at layer 8 using an AUP that employees sign up to, which excludes using your equipment for services like this and which details sanctions for breach of said policy. This is the best solution as, when all is said and done, this is a management issue, not a technical one.

You could try layer 7 blocking DNS packets that request addresses in the whatsapp.net/.com/.whatever domains (sro.whatsapp in particular may be useful to block).

It uses ports 80, 443, 5222, 5223 and 5228. You may get some mileage blocking some of them, but it's unlikely you'll be able to block 80 and 443 reasonably.

I've read that some people have had success by blocking the whole of 184.173/16 but if that's a bit blunt then ipdb.at have a list too.

Solution 2:

Apply a filter using the official IP list: https://www.whatsapp.com/cidr.txt

Use QoS instead of blocking.
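
One way to apply the CIDR-list filter from Solution 2 together with the non-web ports listed in Solution 1, as an added example that is not part of either answer. The set name `im_block` and interface `eth1` are hypothetical, and the list is assumed to be a locally saved file with one IPv4 CIDR per line.

```shell
#!/bin/sh
# Added example: turn a CIDR list into `ipset restore` input plus FORWARD rules.
SET_NAME="im_block"   # hypothetical set name
LAN_IF="eth1"         # assumed: interface facing the wireless router

# is_cidr4 A.B.C.D/P -> status 0 only for a fully written IPv4 CIDR.
is_cidr4() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; prefix=${1#*/}
    case "$addr" in ''|*[!0-9.]*) return 1 ;; esac
    case "$prefix" in [0-9]|[0-9][0-9]) ;; *) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in [0-9]|[0-9][0-9]|[0-9][0-9][0-9]) ;; *) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# build_restore: CIDR list on stdin -> `ipset restore` commands on stdout.
# Blank lines and #-comments are skipped; any other malformed line aborts,
# so an HTML error page or a truncated download never becomes a ruleset.
build_restore() {
    echo "create $SET_NAME hash:net family inet"
    echo "flush $SET_NAME"
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d ' \t\r')
        case "$line" in ''|'#'*) continue ;; esac
        is_cidr4 "$line" || { echo "bad entry: $line" >&2; return 1; }
        echo "add $SET_NAME $line"
    done
}

# forward_rules: print the iptables commands for review before running as root.
forward_rules() {
    echo "iptables -I FORWARD -i $LAN_IF -m set --match-set $SET_NAME dst -j REJECT"
    # Ports from Solution 1; 80/443 are left alone. 5228 is also used by
    # Google push messaging, so expect side effects on Android notifications.
    echo "iptables -I FORWARD -i $LAN_IF -p tcp -m multiport --dports 5222,5223,5228 -j REJECT"
}

# Constructed sample list (documentation ranges, not real WhatsApp networks).
SAMPLE_LIST='# constructed sample
192.0.2.0/24
198.51.100.0/25
'
# Usage: build_restore < cidr.txt > im.restore && ipset -exist restore < im.restore
```

Write the restore file first and load it only if `build_restore` exits 0, so a bad download leaves the previous set in place.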

Solution 3:

Like @Iain says, this should be solved at layer 8. But if you insist on a technical solution, you can also mandate that all wireless traffic must go through a proxy you control, and you can block WhatsApp traffic on that proxy.