iPhone RCS With PFSense (or other firewalls)

My wife's iPhone just got its update to allow for RCS chat, but we noticed it was not working as intended. My first assumption was a firewall rule, and sure enough, I was able to find the issue.


Looking in the Firewall Logs, I see multiple blocks for 216.239.36.131 on port 5223(tcp) from her phone's IP address.

A WHOIS for that IP shows the owner as Google...promising. Searching that IP in VirusTotal has a comment that the IP is associated with telephony.goog. A quick nslookup for that domain confirms this information.

Repeating this process with a few more IPs from the logs yields the list:

  • telephony.goog
  • rcs.telephony.goog

Many domains are associated with this IP, but they all resolve to the same address, so the RCS domain above is sufficient for PFSense.
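The log review described above can be scripted. This is an added example, not part of the original post: it tallies blocked TCP destinations for one client from raw filterlog lines, assuming the IPv4 TCP CSV field order of pfSense's raw filter log format (check it against your version). The sample lines, the phone address 192.168.1.50, the 203.0.113.x addresses and the function name `blocked_tcp` are constructed.

```python
import csv
from collections import Counter

# Constructed sample lines (not from the original post). Only the blocked
# destination 216.239.36.131:5223 comes from the post; the rest is made up.
SAMPLE_LOG = """\
Oct 1 10:00:01 fw filterlog[1234]: 4,,,1000000103,igb1,match,block,in,4,0x0,,64,1111,0,DF,6,tcp,64,192.168.1.50,216.239.36.131,50000,5223,0,S,100,,65535,,mss
Oct 1 10:00:04 fw filterlog[1234]: 4,,,1000000103,igb1,match,block,in,4,0x0,,64,1112,0,DF,6,tcp,64,192.168.1.50,216.239.36.131,50001,5223,0,S,101,,65535,,mss
Oct 1 10:00:05 fw filterlog[1234]: 9,,,1000000200,igb1,match,pass,in,4,0x0,,64,1113,0,DF,6,tcp,64,192.168.1.50,203.0.113.10,50002,443,0,S,102,,65535,,mss
Oct 1 10:00:06 fw filterlog[1234]: 4,,,1000000103,igb1,match,block,in,4,0x0,,64,1114,0,none,17,udp,76,192.168.1.60,203.0.113.20,40000,123,56
"""

# Assumed 0-based field positions in the CSV payload for IPv4 TCP entries.
ACTION, IPVER, PROTO, SRC, DST, DPORT = 6, 8, 16, 18, 19, 21


def blocked_tcp(log_text, src_ip):
    """Count blocked IPv4 TCP flows from src_ip, keyed by (dst_ip, dst_port)."""
    hits = Counter()
    for line in log_text.splitlines():
        _, found, rest = line.partition("filterlog")
        if not found:
            continue  # not a firewall log entry
        payload = rest.split(": ", 1)[-1]  # drop the "[pid]: " prefix
        f = next(csv.reader([payload]), [])
        if len(f) <= DPORT or f[IPVER] != "4" or f[PROTO] != "tcp":
            continue  # other protocols use a different field layout
        if f[ACTION] == "block" and f[SRC] == src_ip and f[DPORT].isdigit():
            hits[(f[DST], int(f[DPORT]))] += 1
    return hits


if __name__ == "__main__":
    # Most frequently blocked destinations first: these are the candidates
    # to look up (WHOIS, reverse DNS) before writing a narrow pass rule.
    for (dst, port), n in blocked_tcp(SAMPLE_LOG, "192.168.1.50").most_common():
        print(f"{n:3d} blocked  {dst}:{port}/tcp")
```

Feeding it the real filter log and the phone's reserved IP gives a short list of destination and port pairs to verify before allowing them, which keeps the pass rule limited to what the device actually needs.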

The Steps

So time to create the necessary plumbing in PFSense to allow this traffic.

  1. Create an alias for telephony.goog and rcs.telephony.goog
  2. (Optional) Create a DHCP reservation for the affected devices.
  3. Create an alias for the affected device IPs. I have an alias, phones, for just this purpose.
  4. Create a pass rule with those aliases/IPs and port 5223 (tcp).

There you go, you should have working iPhone RCS now!