The Mikrotik firewall is layer 3 and layer 4, we can make certain configurations at layer 7 but not all of them will work. In this case, we would have to identify ports and protocols to dial WhatsApp calls, but this does not guarantee that the dialing will work.
You can configure rules on a MikroTik router to limit incoming Wi-Fi connections so that only WhatsApp calls are allowed. This is achieved using the firewall capabilities of the MikroTik router, specifically through the Layer7 Protocol and mangle rules.
Although WhatsApp uses various IP ranges and ports for its services, and these may change, it is possible implement an approach For this purpose.
To make a configuration that attempts to limit traffic to only WhatsApp calls, you would need to follow these general steps:
1. Identify the IP Addresses and Ports Used by WhatsApp
WhatsApp uses a variety of IP addresses and ports. For calling, it typically uses the UDP port range 3478-3481, although it can also use other ports and protocols (TCP) for signaling and other services. Specific IP addresses may vary and belong to blocks assigned to Facebook (owner of WhatsApp).
2. Create Layer7 Protocol Rules
This involves identifying the WhatsApp traffic pattern (which can be complex and subject to change) and creating a rule in the firewall that recognizes it.
3. Create Mangle Rules to Mark Traffic
Using the mangle feature, you can mark traffic that matches the Layer7 pattern or specific ports used by WhatsApp.
4. Create Firewall Rules to Allow/Deny Traffic
With flagged traffic, you can create rules that specifically allow WhatsApp calls and reject all other traffic.
Here is a basic example of how you could start configuring this, keep in mind that you will need to adapt the rules to the specific IP addresses and ports that WhatsApp is using at the time of your configuration:
/ip firewall layer7-protocol
add name=whatsapp regexp=".*(whatsapp).*"
/ip firewall mangle
add action=mark-connection chain=prerouting dst-port=3478-3481 protocol=udp layer7-protocol=whatsapp new-connection-mark=whatsapp_conn passthrough=yes
add action=mark-packet chain=prerouting connection-mark=whatsapp_conn new-packet-mark=whatsapp_pkt passthrough=no
/ip firewall filter
add action=accept chain=forward packet-mark=whatsapp_pkt
add action=drop chain=forward connection-mark=!whatsapp_conn
These rules are very basic and general. WhatsApp and other services frequently change their IPs and methods to prevent this specific type of filtering, so keeping rules for this purpose up to date can be challenging and require constant monitoring of network sessions to adjust settings as network patterns change. traffic.
Last
Please note that implementing this type of control may affect the quality of WhatsApp calls or even prevent them from connecting, depending on how WhatsApp decides to route calls at the time. Additionally, these types of setups can be affected by end-to-end encryption and other obfuscation techniques that WhatsApp might use.
There are no tags for this post.