Overview

 

This article provides the steps on how to block Apple Bonjour communication in Kerio Control.

 

---

Prerequisite(s)

 

Access to Kerio Control Webadmin

 

---

Information 

 

Bonjour is a software that comes pre-built in Apple's OS X and iOS operating systems. This software provides a general method for the applications to discover shared services on a local area network, printer discovery wizard and IE plug-in for discovering local Web servers. It allows users to set up a network without any configuration.

Bonjour can also be installed on computers running Windows. It may be included within other software such as iTunes and Safari. iTunes for PC uses Bonjour to find shared music, iPhoto to find shared photos, iChat, etc.

 

---

Process

 

Disable/Uncheck Service Discovery forwarding in Configuration > Security settings > Zero-configuration Networking tab:

On the MAC Filter tab, check the Enable Mac Filter option and add the following MAC addresses to the prevent-access list: Protocol MAC Address IPv4 01:00:5E:00:00:FB IPv6 33:33:00:00:00:FB

Create a specific traffic rule to block: Bonjour IP addresses: 224.0.0.251 – multicast IPv4 address FF02::FB – multicast IPv6 address UDP port

 

---

Troubleshooting

 

For verbose output, you can perform the following procedure:

1. Enable DNS Messages and Zero Conf services in debug logs.

2. Reproduce the issue by using an iPad/iPhone and searching for AppleTV. Make sure Bluetooth is turned off.

   Note: AppleTV supports peer to peer airplay (via Bluetooth) without using wifi. Kerio Control won't be able to block Bonjour if Bluetooth is used.

3. Once the issue is reproduced, save the debug logs and submit them to GFI support.

 

---

Confirmation

 

Apple Bonjour traffic should be completely blocked.

 

---

Related Articles

 

• How to Block Apple Bonjour on your Local Network
• Prevent Airplay from working across VLANs?

 

back to top