Block iMessages?

[jay42k]

I am trying to block iMessages on my network. I have Parental Controls set up with Time Scheduling, which works well for everything EXCEPT iMessages! I am not sure why they still get through.

What is needed differently for iMessage after hours?

 

[chele809]

I had the same Issue... and ended up doing it manual every night by just having wireless MAC filter ( Block the specific IP) after X hours.. not a solution... but just the way I did it....

Sent from my SM-G925T using Tapatalk

 

[Reinvented]

Are we talking about iMessages through phone or on a Mac with iChat?

 

[tomislav]

You won't be able to block iMessage by just blocking ports (it can fall back to port 80 for example), it's only possible by packet inspecting on the app level and that something I don't believe these routers can do.

 

[sfx2000]

I am trying to block iMessages on my network. I have Parental Controls set up with Time Scheduling, which works well for everything EXCEPT iMessages! I am not sure why they still get through.

What is needed differently for iMessage after hours?

Are you trying to block during certain hours, or block iMessage period?

Globally it can be done (e.g. never allowing iMessage) at the device itself;

• Disable iMessage (Turn it off).
• Lock the ability to change account settings. This is done under Restrictions settings. By doing this, your child cannot turn iMessage back on. Only those with the Restrictions password can do so.

As for time restrictions - e.g. not during school hours, after bedtime, etc - nothing right now at the device level...

If you're trying to do port based rules on the router/firewall - here's the ports

iMessage Ports

• 80 (TCP)
• 443 (TCP)
• 5223 (TCP)

FaceTime (Audio and Video)

• 53 (TCP)
• 80 (TCP)
• 443 (TCP)
• 4080 (TCP)
• 5223 (TCP)
• 16393-16472 (UDP)

 

[coldwizard]

I am trying to block iMessages on my network. I have Parental Controls set up with Time Scheduling, which works well for everything EXCEPT iMessages! I am not sure why they still get through.

What is needed differently for iMessage after hours?

Please confirm that HW Acceleration is disabled on the tools => sysinfo page.
If enabled, existing connections will not be blocked by parental controls.

Edit to add:
If it is enabled, go to LAN => "Switch Control" and change the "Enable HW Acceleration" to No. (I think it was also called NAT acceleration at some point). You need to reboot router for it to take effect.

 

[SnakeByte]

Here's an official list of services to ports from Apple:
https://support.apple.com/en-us/HT202944

I doubt port blocking will work since it's too easy to fall back to 80/443 and blocking those would break web access on all devices.

Besides the suggestions above (block at the device, block all internet for the device at scheduled times), one other possibility would be to schedule something to muck around with dns and return all *.apple.com requests to 127.0.0.1-- but that's going to break all apple services on all devices.

So that leaves application level packet inspection. This can be done by using snort. While I haven't installed this on my ASUS router, I do use something like it (suricata) at work and there are rules to detect this type of traffic.

Here is a link to install snort in ASUSWRT:
http://www.snbforums.com/threads/step-by-step-snort-on-asusmerlin.27374/

and an example of rules that look for chat traffic:
https://rules.emergingthreats.net/open/snort-2.9.0/rules/emerging-chat.rules

Note however that detecting the activity is only half the puzzle. You'll need something to look at the logs and trigger some type of response too.