https://community.cisco.com/t5/opendns/blocking-voip-such-as-facetime/m-p/5175196#M1908 <DIV class="opendns-migrated-content"><P>Trying to figure out how to block FaceTime on my home network.</P> <P>I have searched for ways to block Facetime and have only come up with blocking certain ports. &nbsp;Yet.. &nbsp;it seems that blocking the specified ports pretty much blocks everything else also (web, youtube etc.)</P> <P>Any help getting facetime blocked would be great.</P> <P>Wasn't sure if I could do it through OpenDNS.. ??</P></DIV> Sun, 12 Feb 2017 19:50:56 GMT iprey 2017-02-12T19:50:56Z https://community.cisco.com/t5/opendns/blocking-voip-such-as-facetime/m-p/5175196#M1908 <DIV class="opendns-migrated-content"><P>Trying to figure out how to block FaceTime on my home network.</P> <P>I have searched for ways to block Facetime and have only come up with blocking certain ports. &nbsp;Yet.. &nbsp;it seems that blocking the specified ports pretty much blocks everything else also (web, youtube etc.)</P> <P>Any help getting facetime blocked would be great.</P> <P>Wasn't sure if I could do it through OpenDNS.. ??</P></DIV> Sun, 12 Feb 2017 19:50:56 GMT https://community.cisco.com/t5/opendns/blocking-voip-such-as-facetime/m-p/5175196#M1908 iprey 2017-02-12T19:50:56Z https://community.cisco.com/t5/opendns/blocking-voip-such-as-facetime/m-p/5175197#M1909 <DIV class="opendns-migrated-content"><P>If you can identify the domains that facetime uses then OpenDNS can block it.</P> <P>Be aware that the FaceTime may not use domains, but may instead directly address IP addresses. Also, be aware, the domains can vary by operating system or even the specific app version that you are using.</P></DIV> Mon, 13 Feb 2017 06:59:12 GMT https://community.cisco.com/t5/opendns/blocking-voip-such-as-facetime/m-p/5175197#M1909 mattwilson9090 2017-02-13T06:59:12Z https://community.cisco.com/t5/opendns/blocking-voip-such-as-facetime/m-p/5175198#M1910 <DIV class="opendns-migrated-content"><P>From <A href="https://discussions.apple.com/thread/3963202?start=0&amp;tstart=0" rel="nofollow noreferrer">https://discussions.apple.com/thread/3963202?start=0&amp;tstart=0</A></P> <P><EM>I have recently blocked iMessage at the firewall and thought I would share.</EM></P> <P><EM>Blocking port 5223 alone is not enough (but still necessary) and <STRONG>blocking any domain names (ie. albert.apple.com etc.) will not work</STRONG>.</EM></P> <P><EM>The block needs to happen at the IP address level - here is the approach I took:</EM></P> <P><EM>There are three ranges of IPs that iMessage uses and need blocking:<BR />17.173.0.1 to 17.173.255.255<BR />17.178.0.1 to 17.178.255.255<BR />17.133.0.1 to 17.133.255.255</EM></P> <P><EM>Obviously, these are large IP ranges and likely contain services that you still want to use (ie. App Store). There, explicitly ALLOW the following range to enable the App Store:<BR />17.173.65.1 to 17.173.65.255</EM></P> <P><EM>Caveats:</EM></P> <P><EM>1. We have only just implemented this block and therefore there may be other Apple services we are not aware of yet that need to be included in the 'Allow' rule.</EM></P> <P><STRONG><EM>2. This block also blocks FaceTime</EM></STRONG></P> <P><EM>3. With the block in place, the 'Messages' app appears to take a very long time to deliver the message but eventually reports it as delivered. The message does not actually get sent and thus not delivered.</EM></P> <P><BR />See also <A href="https://support.apple.com/en-us/HT202078" rel="nofollow noreferrer">https://support.apple.com/en-us/HT202078</A> about the ports being used.</P> <P>"<EM>Blocking VoIP Such as FaceTime</EM>"</P> <P>FaceTime is not really VoIP.&nbsp; If you want to block VoIP, a widely used standard is SIP/RTP where you can block SIP by port (UDP+TCP 5060) and RTP by blocking high ports (UDP 7000-20000).&nbsp; Another standard is IAX where you want to block ports UDP 5036 and 4569.</P> <P>However, I went through my OpenDNS domains stats and could identify lots of Apple related domains and CDNs.&nbsp; Could well be that some are dedicated to FaceTime, so FaceTime could be blocked with OpenDNS.&nbsp; You can find out only if you run a network sniffer.</P></DIV> Mon, 13 Feb 2017 13:43:29 GMT https://community.cisco.com/t5/opendns/blocking-voip-such-as-facetime/m-p/5175198#M1910 rotblitz 2017-02-13T13:43:29Z