pfSense firewall rules for WhatsApp on Android

Additional firewall tweaks are needed for WhatsApp to work on Android devices when behind adam:ONE’s security feature - DTTS. Detailed instructions are captured in this YouTube video here: https://youtu.be/Qn0EeOnqIRE.

For simplicity, you can also follow the step by step instructions from your pfSense WebGUI below:

1. Create a Port Alias:

  • Firewall -> Aliases -> Ports -> + Add
    • Name: WhatsAppPortsTCP
    • Port: 443
  • -> + Add Port
    • Port: 5222
  • Save (bottom) -> Apply Changes (top right)

2. Create a URL Alias:

  • Firewall -> Aliases - URLs -> + Add
    • Name: WhatsAppIPv4_URL
    • Type: URL Table (IPs)
    • URL Table (IPs): https://adamnetworks.dev/pub/fwaliases/raw/master/ips/whatsapp.txt /(update frequency): 1
  • Save (bottom) -> Apply Changes (top right)

3. Create an IP Alias:

  • Firewall -> Aliases - IP -> + Add
    • Name: Facebook_IPv4_STUN
    • Type: Network(s)
    • Network or FQDN: 31.0.0.0 / 8
  • Save (bottom) -> Apply Changes (top right)

4. Create a TCP-based Firewall Rule:

  • Firewall -> Rules -> LAN -> Add
  • Under Edit Firewall Rule
    • Protocol: TCP
  • Under Destination
    • Change any to Single host or alias
    • Destination Address: WhatsAppIPv4_URL (alias)
    • Custom (From Port): WhatsAppPortsTCP
    • Custom (To Port): WhatsAppPortsTCP
  • Under Extra Options
    • Description: adam:ONE Enabler for WhatsApp for Android App compatibility
  • Save (bottom) -> Apply Changes (top right)

5. Create a UDP-based Firewall Rule:

  • Firewall -> Rules -> LAN -> Add
  • Under Edit Firewall Rule
    • Protocol: UDP
  • Under Destination
    • Change any to Single host or alias
    • Destination Address: Facebook_IPv4_STUN (alias)
    • From (Port): STUN (3478)
    • To (Port): STUN (3478)
  • Under Extra Options
    • Description: adam:ONE Enabler for WhatsApp Audio and Video
  • Save (bottom) -> Apply Changes (top right)

Note: If you have existing “block” rules, make sure to place or drag this rule above them.te that we should define at some point.