Buy or Renew
Buy or Renew
NOTICE: OpenDNS Service Currently Not Available To Users In Belgium. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
200
Views
1
Helpful
2
Replies

Blocking VoIP Such as FaceTime

iprey
Level 1
Level 1

‎02-12-2017 11:50 AM

Trying to figure out how to block FaceTime on my home network.

I have searched for ways to block Facetime and have only come up with blocking certain ports.  Yet..  it seems that blocking the specified ports pretty much blocks everything else also (web, youtube etc.)

Any help getting facetime blocked would be great.

Wasn't sure if I could do it through OpenDNS.. ??

Labels:
2 Replies 2

mattwilson9090
Level 4
Level 4

‎02-12-2017 10:59 PM

If you can identify the domains that facetime uses then OpenDNS can block it.

Be aware that the FaceTime may not use domains, but may instead directly address IP addresses. Also, be aware, the domains can vary by operating system or even the specific app version that you are using.

0 Helpful

rotblitz
Level 6
Level 6

‎02-13-2017 05:43 AM

From https://discussions.apple.com/thread/3963202?start=0&tstart=0

I have recently blocked iMessage at the firewall and thought I would share.

Blocking port 5223 alone is not enough (but still necessary) and blocking any domain names (ie. albert.apple.com etc.) will not work.

The block needs to happen at the IP address level - here is the approach I took:

There are three ranges of IPs that iMessage uses and need blocking:
17.173.0.1 to 17.173.255.255
17.178.0.1 to 17.178.255.255
17.133.0.1 to 17.133.255.255

Obviously, these are large IP ranges and likely contain services that you still want to use (ie. App Store). There, explicitly ALLOW the following range to enable the App Store:
17.173.65.1 to 17.173.65.255

Caveats:

1. We have only just implemented this block and therefore there may be other Apple services we are not aware of yet that need to be included in the 'Allow' rule.

2. This block also blocks FaceTime

3. With the block in place, the 'Messages' app appears to take a very long time to deliver the message but eventually reports it as delivered. The message does not actually get sent and thus not delivered.


See also https://support.apple.com/en-us/HT202078 about the ports being used.

"Blocking VoIP Such as FaceTime"

FaceTime is not really VoIP.  If you want to block VoIP, a widely used standard is SIP/RTP where you can block SIP by port (UDP+TCP 5060) and RTP by blocking high ports (UDP 7000-20000).  Another standard is IAX where you want to block ports UDP 5036 and 4569.

However, I went through my OpenDNS domains stats and could identify lots of Apple related domains and CDNs.  Could well be that some are dedicated to FaceTime, so FaceTime could be blocked with OpenDNS.  You can find out only if you run a network sniffer.

0 Helpful
Customers Also Viewed These Support Documents