Netgear Parental Controls not blocking iMessages

I don't believe that that can be done from a cell phone perpective. iMessage maybe using something different. 

I'm not looking to do anything from a cell phone perspective. I'm looking to block internet traffic with the parental controls "pause internet" feature. It's only partially blocking internet traffic.

I agree entirely that "no internet" should mean NO internet.  The Wikipedia article on iMessage states that each device opens a connection to the Apple Service using a proprietary protocol.

https://en.wikipedia.org/wiki/IMessage 

I do not recall seeing any technical explanation of how Smart Parental Controls function.  Not blocking iMessage would seem to be a big gap in terms of "control".

Like @CrimpOn mentioned. iMessages is a proprietary protocol and maybe something that router mfrs are not able to get any control over. Also thinking about this, of course only as a emergency kind of use, but one reason it may not be blocked is for some urgent or emergency need, regardless of the voice, text is another means of communicating besides voice. So something that ya, is mostly chatty for everyday use. If something were to happen, I user still can use text. Something I would prefer to have available. Again this is worst case. 

If you need control over Apples iMessages, something to contact them about and see if they have any suggestions for there product. They should know. 

---

@bspennington wrote:

I'm not looking to do anything from a cell phone perspective. I'm looking to block internet traffic with the parental controls "pause internet" feature. It's only partially blocking internet traffic.

---

This is an example of the confusion caused by not having:

• A written user manual explaining what the Parental Controls is intended to do.
• A technical explanation of how Parental Controls functions.

This puts Parental Controls in the same category as the entire Advanced Tab of the Orbi web interface, but the web interface has some "Help" text for each page.

My parents no longer living with us, I have no need to control them and have never activated Parental Controls.  (Why pay for something and have no reason to use it?) So, I can only speculate about SPC.

One really cumbersome way to enforce an internet ban would be to use the "Block Services" capability in the Advanced Tab, Security Menu. Block all 65,353 TCP and UDP ports for a specific IP address.  If new devices are prevented from joining the network (Access Control) and all IP addresses are allocated in the LAN Setup table, then this should definitely kill all internet use. After the rule has been set up, just open the Block Services web page and change "Never" to "Always".  Want it back, change from "Always" to "Never".  But... what a pain in the .......

Silly me, I had imagined that Parental Controls was a convenient way to do this from a smartphone app with a simple slider.

(p.s. Yes, I know that Parental Controls is to enable parents to control, not to control parents.)

Already tried blocking specific TCP/UDP ports, but definitely not a feasible or long-term solution. Again, I'd expect that pausing internet would mean . . . pausing internet (ALL 65,535 ports). I'm hoping that Netgear is monitoring the community messages and will see that the new SPC subscription service contains a major flaw and gap.

I am 99% certain that Netgear is not monitoring the community forum.  You might get someone's attention by sending a private message to the person who announced the availability of Smart Parental Control by clicking on the screen name.

You'll have to contact Apple and see if iMessages can be blocked or not. iMessage is SMS and Text messages app that is also tied and connects to Cell phoneservices. So even if WiFi router blocked iMessages, the app will switch to cell services which is its main conenction to the text and messages services thru cell services. Something no wifi router mfr has control over. This is not a flaw in NG products. 

---

@bspennington wrote:

Already tried blocking specific TCP/UDP ports, but definitely not a feasible or long-term solution. Again, I'd expect that pausing internet would mean . . . pausing internet (ALL 65,535 ports). I'm hoping that Netgear is monitoring the community messages and will see that the new SPC subscription service contains a major flaw and gap.

---

There are no cell services associated with the devices that I'm trying to limit. An iPod, for example, is wifi only. If NG SPC were to pause all internet traffic, as implied by "pause internet", iMessages would not work.

My understanding of Parental Controls is truly primitive. For example, it is not clear to me whether Parental Controls apply to "only internet traffic", or to both internet and LAN traffic.  My guess is that 99% of customers have no local resources for minors to use and thus the intent is probably "only internet".

Apple iMessage is also confusing because it seems to use ports 80, 443, and 5223.  The issue could be as simple as Negear forgot to block TCP port 5223.  That can be done easily with the Orbi "Block Sites" feature, but the on/off issue remains. My research into iMessage is inconsistent: there are places that say the connection with Apple is on port 5223, but then other places mention if 5223 is not available is uses 80 and 443.  Very confusing.

There is also the aspect that iMessage employs the Apple Push Notification System (APNS) on port 5223. When a device connects to a network, it opens an APNS tunnel to Apple servers.  I wonder, maybe the issue is that SPC blocks creation of new connections, but does nothing about existing connections. if those Apple devices (iPod, for example) disconnect from the network and then reconnect (or do a power off/on), do they continue to get iMessages when SPC has them "off the internet"??

Normal web traffic, for example, does not maintain long term connections. A typical web page may open 100 URL's as separate connections.  In the beginning of the web, this was one of the design goals that frustrated people so much: no persistant connections.  The whole business of cookies came about in order to track session status.

Besides the iPod, another way to test this theory would be to put a random Internet of Things (IoT) device in an SPC pool. Those devices open a connection to the cloud that stays open as long as the device is powered on.  When a user wants to control the device, their smartphone app makes a connection to the cloud, which uses that open connection to reach the device.

Of course, none of my rambling solves the underlying problem.  I would appreciate if you could test the "open connection" theory.

Thats the thing, iMessages is tied to cell services. When in wifi mode it will connect to wifi and go out that way, however will revert to using cell services if it can't connect via wifi or is blocked. 

Seems only way to block it is at the ISP level:

https://www.wikihow.com/Block-Text-Messages

---

@FURRYe38 wrote:

Thats the thing, iMessages is tied to cell services. When in wifi mode it will connect to wifi and go out that way, however will revert to using cell services if it can't connect via wifi or is blocked. 

---

This may be the case with devices which have cellular connections, such as iPhones.  An iPad or iPod with no cellular modem cannot possibly do that. My wife's iPad is a "WiFi only" model, yet iMessage works.  Blocking port 5223 or blocking the Apple IP domain would work, but are not practical to turn on and off on a whim.

Ya on Wifi only models I presume it may work. Well most of us are adults here too so I presume if you blocked your wifes app, you'd hear about it. 

---

@CrimpOn wrote:

---

@FURRYe38 wrote:

Thats the thing, iMessages is tied to cell services. When in wifi mode it will connect to wifi and go out that way, however will revert to using cell services if it can't connect via wifi or is blocked. 

---

This may be the case with devices which have cellular connections, such as iPhones.  An iPad or iPod with no cellular modem cannot possibly do that. My wife's iPad is a "WiFi only" model, yet iMessage works.  Blocking port 5223 or blocking the Apple IP domain would work, but are not practical to turn on and off on a whim.

---