8298 questions

9759 answers

15542 comments

13863 members

+2 votes
1,630 views 1 comments
by

Hi, I would like to block Google Update services (they are running on 5228, 5229 and 5230). What is te best way of doing that on this router?

2 Answers

+1 vote
by
Hello,

To block ports 5228, 5229 and 5230 on Teltonika router please navigate to Network -> Firewall -> Traffic Rules in router's WebUI.

Then add new traffic rule and specify ports which need to be block and set Action field to "drop".

More information regarding traffic rules could be found in teltonika wiki:

https://wiki.teltonika.lt/index.php?title=Firewall#Traffic_Rules
Best answer
+1 vote
by
Hello,

I'd like to suggest you a different solution: instead of blocking ports, you could block dns requests made for  resolving names used for google update service. Using tcpdump from RUT950 console you can intercept requests for ggpht.com, android.clients.google.com and play.google.com; then take the hex strings corresponding to each domain and compose the rules for iptables using string module:

iptables -t mangle -A POSTROUTING -m string  --algo bm --hex-string '|676770687403636f6d|' -j DROP

iptables -t mangle -A POSTROUTING -m string  --algo bm --hex-string '|616e64726f696407636c69656e747306676f6f676c6503636f6d|' -j DROP

iptables -t mangle -A POSTROUTING -m string  --algo bm --hex-string '|706c617906676f6f676c6503636f6d|' -j DROP

then put the them in the firewall custom rules.

For example ggpht.com corresponds in tcpdump to ggpht?com that in hex corresponds to 676770687403636f6d. The strings in the rules are closed in single quotes and pipes.

I hope that this can be util.
by
This would also work.

However, this type of packet analysis would slow down the router's data transfer speed a bit and considerably up the CPU load numbers.