Traffic Shaping / L7 Protocol Definitions for iMessage and Facetime
« on: November 22, 2011, 10:50:53 am »
I am looking to block the use of FaceTime and iMessage over our network from iOS Devices.

Apple docs claim that FaceTime uses a few UDP ports up in the 16xxx range, plus 80, 443 and 5223. 80 and 443 are open on pfSense for obvious reasons. Turns out if FaceTime or iMessage cannot use those 16xxx ports they just stream the whole lot down 443, which makes blocking them something I cannot figure out (bar blocking 443 to the entire 17.x.x.x subnet which Apple own). That is not an option as we still need push notifications for other apps and also wish to use iCloud, which also relies on this.

My question is, FaceTime and iMessage send over 443 to Apple encrypted. Can a Layer 7 protocol definition be made up to encompass this, and if so, does anyone happen to have one lying about? :) I'm afraid I don't believe I am advanced enough to write one.

Thanks in advance for any pointers

