Blocking Apple DNS

t1m0

New Member
I want to block Apple services on Apple devices, primarily APNS (Apple Push Notification Service).

My plan was as follows:

Use a VPS (Virtual Private Server) with Squid Proxy and Adguard in Docker. This way, I can simply go to the Wi-Fi settings on my iPad, configure the proxy and DNS. Up to this point, everything works fine. With the DNS and proxy, I am able to block almost all iCloud and Apple services. But not completely.

Problem: APNS still functions.

APNS port is 5223, which I can block. However, if it is not reachable, it switches to port 443. If I block port 443, for example, I won't be able to access Google.

Consideration: I block the entire Apple IP range (17.0.0.0/8). However, this still doesn't seem to work.

What would be an alternative approach or solution to address my specific requirement? I can find many articles online on how to solve the issue of devices not receiving push notifications, but none of them explain how to actually create this problem.
 


KGIII

Super Moderator
Staff member
Gold Supporter
I'm not sure what this has to do with Linux. Perhaps you can fill us in on how this relates to Linux, 'cause we're a Linux forum and not really an Apple forum.
 


t1m0

New Member
So, if I'm understanding this right:

With Squid, I only can restrict access to websites or IPs that I try to access via http or https.
 

KGIII

Super Moderator
Staff member
Gold Supporter
Are you planning on using Linux for some sort of proxy server?

Because, otherwise, this still doesn't appear to have anything to do with Linux.

Also, you don't need Linux to set up a proxy server. That's not something that's required. While Squid specifically doesn't have an Apple option, it does have a Windows option. But, there are surely tools for Apple that will accomplish the same thing.
 

t1m0

New Member
I already have a Squid proxy server running. I wanna know if I can even block ports with Squid.

So if I wanna connect to a certain IP at some port, but on the proxy server the port is blocked, it won't connect.

Is that even possible with a proxy server?
 

dobeshow

Member
You could use iptables on the VPS to first log then block the connection attempt. You should run a firewall on that machine anyway, so this would be the easiest approach.
How are you connecting to that VPS (and squid)? With a VPN?
 

t1m0

New Member
I'm connected to the VPS via its public IPv4. The Squid port is open.

So if I set up, for example, WireGuard on that VPS, connect to the WireGuard VPN, block a certain IP (example: 12.34.56.78) on the VPS via iptables, and then try to access this IP, I should not reach that IP on any port.

Would that work?
 
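As an added example (not code from the thread), here are the VPS-side iptables rules for the WireGuard setup described in the post above, following the log-then-block ordering dobeshow suggested. It assumes the tunnel interface is named wg0 and that the iPad routes all of its traffic through the tunnel (rules in the FORWARD chain only see traffic the VPS actually forwards); matching the whole 17.0.0.0/8 destination network rather than port 5223 is what also covers the fallback to 443.

```shell
#!/bin/sh
# Added example for the thread's WireGuard + iptables idea; not from the forum.
# Assumptions (constructed): tunnel interface wg0, Apple range 17.0.0.0/8 as
# given in the thread. Override with WG_IF / BLOCK_NET environment variables.
WG_IF="${WG_IF:-wg0}"
BLOCK_NET="${BLOCK_NET:-17.0.0.0/8}"
CHAIN="APPLE_BLOCK"

# Emit the rule set as plain text so it can be reviewed before it is applied.
# Order inside the chain: rate-limited LOG first, then REJECT, so every
# blocked attempt shows up in the kernel log (dmesg / journalctl -k).
gen_rules() {
    iface=$1
    net=$2
    cat <<EOF
iptables -N $CHAIN 2>/dev/null || true
iptables -F $CHAIN
iptables -A $CHAIN -m limit --limit 5/min -j LOG --log-prefix "APNS-BLOCK: "
iptables -A $CHAIN -j REJECT --reject-with icmp-admin-prohibited
iptables -C FORWARD -i $iface -d $net -j $CHAIN 2>/dev/null || iptables -I FORWARD 1 -i $iface -d $net -j $CHAIN
EOF
}

# Number of generated rule lines; a cheap sanity check before applying.
rule_count() { gen_rules "$1" "$2" | wc -l | tr -d ' '; }

# Apply when running as root; otherwise only print the plan.
apply_rules() {
    if [ "$(id -u)" -eq 0 ]; then
        gen_rules "$WG_IF" "$BLOCK_NET" | sh -e
    else
        gen_rules "$WG_IF" "$BLOCK_NET"
    fi
}

# Usage: ./apple_block.sh apply   (anything else just prints the rules)
if [ "${1:-}" = "apply" ]; then
    apply_rules
fi
```

After applying, a connection from the iPad to any host in 17.0.0.0/8 is refused on every port, and `journalctl -k | grep APNS-BLOCK` shows which destinations the device kept trying.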
Joined
Jun 8, 2023
Messages
68
Reaction score
33
Credits
456
Hi,

a bad practice solution is:

  • Create your own DNS server
  • Set rules which domains should not resolve
  • Create (ip(6)tables) firewall rules on your router to redirect DNS traffic to your own DNS
 

Brickwizard

Well-Known Member
Not my field, but have you tried using your firewall to block ports 5223 & 443 [both used for Apple push notices]?
 

dobeshow

Member
WireGuard, yes. But that should be the first thing you set up there, after the firewall.
You're running that proxy server for the whole internet... What about SSH? Is that open too?
This is getting out of hand. You need to recycle that VPS and start from scratch.
Make sure you're the only one able to connect.

But as KGIII already pointed out, this only partly relates to Linux and IMO you should delete that system and start with a fresh one, incl. the IP address. Or maybe pay someone to do it for you...

regards,
CS
 
