Blocking Pokemon Go from my network – How I did it, and how you can too!
AWESOME EDIT on AUGUST 9th:
While I played Pokemon Go for like 2 weeks, yea, I got bored of it, and yea, the blockade doesn’t work any more with the current lists of IPs, but I’m updating this article really soon to include the new IP ranges. Also, thanks for the awesome reception of this post, it’s been getting tons of hits 🙂
Hey everyone.
I really hate Pokemon Go. It’s a really, really, REALLY stupid app. I absolutely hate it. I tried it for 5 minutes, and guess what, I hated it! Fact is, I hate it so much, I decided for the fun of it to block it from my home network entirely.
I did this so whenever an avid Pokemon Go fan comes to my house, for a hang out or a sleepover, they can’t play Pokemon Go. There’s zero cell service where I live, so really, my WiFi is the only alternative to that. And here, is how I did it.
First, I installed the Pokemon Go app on my iPhone. Initially, through my router, I sniffed out where my phone was connected to, in regards to Pokemon Go servers, using DD-WRT’s built in packet sniffer. At the start, I immediately found some IPs, which I looked up through IP-tracker.org. However, I was indeed a little bit confused, are these the real IP ranges? I also saw some Google addresses in there as well, and I didn’t want to mess with disabling Google services for my entire network. I decided to head to Reddit, to see what people were coming up with IP ranges.
Long story short, about an hour later, I had blocked nearly every IP range. I thought I failed at my iptables config (in reality, I actually didn’t, it’s just I forgot to block a server), and I almost did it. When looking through the packet sniffer on DD-WRT, I saw on port 443, every IP had a TIME_WAIT status, but one server. And that, that was a Google server. I in the end decided to block it, and bam, Pokemon Go was long gone from my home network.
I decided to not keep the changes permanent, but instead, just keep a text file laying around with the IP ranges whenever someone heads over. This entire thing was just for the fun of it, and I didn’t want this block to be permanent, with fears of disrupting some services. However, here’s as of July 15, the current IP ranges you need to block Pokemon Go:
54.241.32.0/24 (54.241.32.0-54.241.32.255)
71.125.136.0/24 (71.125.136.0-71.125.136.255)
37.58.73.0/24 (37.58.73.0-37.58.73.255)
169.46.12.0/24 (169.46.12.0-169.46.12.255)
108.168.211.0/24 (108.168.211.0-108.168.211.255)
50.22.4.0/24 (50.22.4.0-50.22.4.255)
130.211.188.132
But how do you do it? It depends. It really does. I’ll give the tutorial doing it through DD-WRT (or any custom router firmware running on linux, that you can telnet/ssh into), and the generic way, for any other router. My router has DD-WRT installed, so here’s how you can, really on any custom router firmware running on Linux.
Obviously, this does involve the spooky little terminal. Don’t worry, it’s all okay. First off, make sure to turn on either Telnet or SSH. While Telnet is miles unsecure, it’s basic enough for the job, and doesn’t involve any extra configuration. In the end, this is going through the local network. However, if you run a bigger network, better use SSH, as it’s more secure. Either one does the job. For DD-WRT, you can find these options under Services.
Next, go ahead and find a Telnet or SSH client. I recommend for Telnet the built-in Microsoft Telnet client (which you may need to download), and for SSH, Bitvise SSH Client (which is a download). After that, go ahead and Telnet/SSH into your router. The username most of the time will be root, the password is what you use to log into the web GUI.
After that, type in these commands into the terminal:
iptables -I FORWARD -d 54.241.32.0/24 -j DROP
iptables -I FORWARD -d 71.125.136.0/24 -j DROP
iptables -I FORWARD -d 37.58.73.0/24 -j DROP
iptables -I FORWARD -d 169.46.12.0/24 -j DROP
iptables -I FORWARD -d 108.168.211.0/24 -j DROP
iptables -I FORWARD -d 50.22.4.0/24 -j DROP
iptables -I FORWARD -d 130.211.188.132 -j DROP
Go ahead and try connecting to Pokemon Go. It shouldn’t work. Congrats! If it still works, make sure you have all the addresses in correctly. Or, this tutorial is out of date, and Pokemon Go has added extra servers. I’ll try to keep this tutorial up to date, however.
On generic routers, your best bet is to try blocking the IP ranges or IPs listed above. It’s miles different across each router, each manufacturer, and each system. Look up on how to do it on your router if you don’t have Telnet/SSH access. You can, however, still do the entire iptables command hack listed above, if you have the option to enable Telnet/SSH on your router, or at least hack it into your router.
And for the extra special nerds, here’s a horrible song I put together about blocking Pokemon Go. Enjoy.
[Verse 1]
I wanna block Pokemon IPs
Like no one ever has
To find them is my real test
To block them is my cause
I will travel across the sniffers
Searching far and wide
Each IP to understand
Where it links to
[Chorus]
IPs! Gotta catch ’em all! It’s me and iptables
I know it’s my mission,
iptables! Oh you’re my best friend
In a world we must block
Linux! An OS so true
iptables will pull us through,
You block them and I’ll find them,
IPs! Gotta catch’em all
[Chorus]
Every error along the way
With courage I will face.
I will struggle for hours
To block Pokemon Go.
Come with me,
The time is right,
There’s no better time.
Arm in arm we’ll block them all!
It’s always been our dream!
[Chorus]
Anyways, hope you have fun blocking Pokemon Go 🙂
-owen
Edit 1 (7/17): No surprise, after yesterday’s DDoS attack on their servers, it seems as of PG has new login servers. I’m sniffing them out.
Try to block these servers
iptables -I FORWARD -d 130.211.14.80 -j DROP
iptables -I FORWARD -d 174.35.22.153 -j DROP
iptables -I FORWARD -d 174.35.22.140 -j DROP
iptables -I FORWARD -d 174.35.22.49 -j DROP
iptables -I FORWARD -d 174.35.22.169 -j DROP
iptables -I FORWARD -d 216.239.32.21 -j DROP
iptables -I FORWARD -d 216.239.34.21 -j DROP
iptables -I FORWARD -d 216.239.36.21 -j DROP
iptables -I FORWARD -d 216.239.38.21 -j DROP
Here is some info about pokemon go servers:
canonical name pgorelease.nianticlabs.com.
aliases
addresses
130.211.14.80
canonical name: club.pokemon.com.cdnga.net.
aliases: club.pokemon.com
addresses:
174.35.22.153
174.35.22.140
canonical name: sso.pokemon.com.cdnga.net.
aliases: sso.pokemon.com
addresses
174.35.22.49
174.35.22.169
canonical name: nianticlabs.com.
aliases
addresses:
2001:4860:4802:32::15
2001:4860:4802:34::15
2001:4860:4802:36::15
2001:4860:4802:38::15
216.239.32.21
216.239.34.21
216.239.36.21
216.239.38.21