Messages - GabrielaSelby

#1
Update ~ Successful initial trial!


So this is how I did it

Via Firewall Aliases set up the following domains list:
•   whatsapp.com
•   whatsapp.net
•   wechat.com
•   wechat.net
•   messenger.com
•   www.facebook.com
•   orcart.facebook.com
•   fbstatic-a.akamaihd.net
•   api.facebook.com
•   orcart.facebook.com
•   fbexternal-a.akamaihd.net
•   fbcdn-profile-a.akamaihd.net
•   graph.facebook.com

Open the following ports (both TCP and UDP) on the firewall for outgoing traffic:
•   80
•   443
•   5222
•   5223
•   5228

Next, set up traffic shaping.
Pipe all download on the network (destination) at 256kbps
Pipe all upload on the network (destination) at 64kbps

Add these firewall Rules along with the outgoing ports
https://www.dropbox.com/s/9je3c8th3d3klom/Screenshot%202018-04-23%2012.22.14.png

(Ignore the first one, that's just the default Open Kimono I use before cracking down on my firewalls)

And voila!


Results

Now the network has only been functioning for about 24 hours.
So far, text messaging is possible on WhatsApp, WeChat and Facebook Messenger.
Voice messages are only allowed through on WeChat if they are short enough.
Image transfer fails on all 3.
Voice calls fail on all 3.
Video chat fails on all 3.
No browsing is possible so far.
We have not seen any HTTP traffic, and the network is wide open on the WiFi, no authentication.

Note: On cellphones you may get a warning that the network doesn't have a connection to the internet since it's locked down so tight; just ignore it and add an exception in the device.

I'll do another update once there's customer feedback.

Line wasn't ever necessary for this system, but I still haven't figured out how to let it through. That's sort of a pet project of mine, might try again in the future.
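
The alias and port allowlist from the post above, modelled as an added example that is not part of the original post. It assumes host aliases are resolved to IP addresses before matching, as on pf-based firewalls; the DNS answers and the names `other-tenant.example` and `sub.whatsapp.net` are constructed for illustration.

```python
ALIAS_HOSTS = [  # alias entries exactly as listed in the post
    "whatsapp.com", "whatsapp.net", "wechat.com", "wechat.net",
    "messenger.com", "www.facebook.com", "orcart.facebook.com",
    "fbstatic-a.akamaihd.net", "api.facebook.com", "orcart.facebook.com",
    "fbexternal-a.akamaihd.net", "fbcdn-profile-a.akamaihd.net",
    "graph.facebook.com",
]
ALLOWED_PORTS = {80, 443, 5222, 5223, 5228}  # outgoing ports from the post

# Constructed DNS answers in documentation address ranges (not real lookups).
SAMPLE_DNS = {name: ["192.0.2.%d" % (i + 1)]
              for i, name in enumerate(dict.fromkeys(ALIAS_HOSTS))}
SAMPLE_DNS["fbstatic-a.akamaihd.net"] = ["203.0.113.5"]  # assumed shared CDN edge
SAMPLE_DNS["other-tenant.example"] = ["203.0.113.5"]     # hypothetical, same edge IP
SAMPLE_DNS["sub.whatsapp.net"] = ["198.51.100.20"]       # hypothetical subdomain

def build_table(hosts, dns):
    """Resolve alias hosts to an IP set; report duplicate and unresolved entries."""
    seen, dupes, missing, ips = set(), [], [], set()
    for host in hosts:
        if host in seen:
            dupes.append(host)
            continue
        seen.add(host)
        answers = dns.get(host)
        if answers:
            ips.update(answers)
        else:
            missing.append(host)
    return ips, dupes, missing

def verdict(ips, dns, host, port):
    """Pass only if the port is allowed and the destination IP is in the alias."""
    dst = dns.get(host, [])
    return "pass" if port in ALLOWED_PORTS and any(ip in ips for ip in dst) else "block"

def audit():
    ips, dupes, missing = build_table(ALIAS_HOSTS, SAMPLE_DNS)
    flows = [("whatsapp.net", 5222), ("sub.whatsapp.net", 443),
             ("other-tenant.example", 443), ("whatsapp.com", 8080)]
    return dupes, missing, {f: verdict(ips, SAMPLE_DNS, *f) for f in flows}

if __name__ == "__main__":
    dupes, missing, results = audit()
    print("duplicate alias entries:", dupes)
    print("unresolved alias entries:", missing)
    for (host, port), result in results.items():
        print(f"{host}:{port} -> {result}")
```

Because matching happens on the resolved IP, a subdomain not named in the alias is blocked unless it shares an address with a listed name, while any other name hosted on a listed CDN address is admitted.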
#2
Thank you very much for your input. I'll be testing this system over the next few weeks; it might take months to finish the entire network since it's meant to be used at high latitudes, but I will share my solution or at least experience with this issue as I continue.

Edit: At the moment I'm looking into how deep I can go with traffic shaping rather than proxy filtering for different kinds of data transfer, since the open network will be dedicated to apps and not regular internet usage, so it won't impact other users.
#3
Quote from: fabian on March 14, 2018, 07:48:49 PM
In theory it is impossible to know the content of such a message but there is still metadata. For example, you can see that the connection to port 443 has lots of uplink traffic compared to downloads. From this perspective it is the job of a proxy or the IPS to drop the connection. Please note that this is very likely prone to errors.

So if I were to filter every user on this network through a 20kbps pipe, theoretically the network would only allow messages since other transfers usually cancel themselves within the app. But is there a way to link specific ports to types of data transfer or should I stick to data throttling? I've found very little information about the way these apps work over a network, though I've mostly looked into WhatsApp since it's my priority.
#4
Hello everyone

I'm looking for a way to set up an open network for guests which only allows the transfer of messages over applications.
We want to keep the data transfer as light as possible, only a few KB per person.

The transfer of images/audio files/videos should be impossible.

So far I've thought of making a completely restricted network (No LAN traffic allowed) with the exception of a list of ports and networks pertaining to the following apps:
-WhatsApp
-WeChat
-Line
-Facebook Messenger

But I have no idea how to block media transfer.