How to block facebook?

jigpe

Ok thanks ill try that too.
OT: is there a way to change the default proxy squid host and port 3128? I have a private proxy and port but upon reading the /var/squid its not there anymore…
jigp
Davao City

josey

just use transparent proxy it is easy way to set it up

iamthed

@josey:

just use transparent proxy it is easy way to set it up

i have some problem with transparent proxy since i used bridge method..
dvserg say bridge method can't use transparent proxy..
and if i'm not using bridge method.. i can't connect to internet..
weird isn't it?
or i'm dumb enough..
dunno which one

Bern

How about using OpenDNS?

So far it's worked perfectly for me in about 10 clients' offices.

We had to make squid use OpenDNS's DNS servers and kept everything else on the respective ISP's DNS servers because OpenDNS was occasionally blocking access to hotmail's MX records etc, which caused problems with outbound mail.

jigpe

Thanks. I will use opendns again. Though some sites are blocked without setting up the menu there in the opendns site :(
Sometimes i disabled opendns just to access the site..

thanks,
jigp
Davao City

MikeKulls

My solution was to create an Alias with the following network entries
66.220.144.0/20
69.63.176.0/20
204.15.20.0/22

and then block that Alias in firewall rules.

john doe

FACEBOOK_ALLOW="192.168.1.12 192.168.1.14 192.168.1.111"
iptables -N FACEBOOK

iptables -I FORWARD -m tcp -p tcp -m iprange –dst-range 66.220.144.0-66.220.159.255 --dport 443 -j FACEBOOK
iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 69.63.176.0-69.63.191.255 --dport 443 -j FACEBOOK
iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 204.15.20.0-204.15.23.255 --dport 443 -j FACEBOOK
iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 66.220.144.0-66.220.159.255 --dport 80 -j FACEBOOK
iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 69.63.176.0-69.63.191.255 --dport 80 -j FACEBOOK
iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 204.15.20.0-204.15.23.255 --dport 80 -j FACEBOOK

FACEBOOK ALLOW

for face in $FACEBOOK_ALLOW; do
    iptables -A FACEBOOK -s $face -j ACCEPT
done
iptables -A FACEBOOK -j REJECT

Cry Havok

Which would be better if pfSense was Linux ;)

john doe

no no….. list of IP's facebook use. Thats all. Should have made that clear.

jigpe

Hi try my post. It work for me and the rest of my friends. Search "How to block facebook in 4 ways" or click this link http://forum.pfsense.org/index.php/topic,39849.msg205547.html#msg205547

jigp

orthopteroid

@MikeKulls:

My solution was to create an Alias with the following network entries
66.220.144.0/20
69.63.176.0/20
204.15.20.0/22

and then block that Alias in firewall rules.

This appears to work for me as long as I've disabled ipv6 support (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. In windows, stop and disable the service "IP Helper".

marcelloc

Blocking apps.facebook.com will do the job too.

johnnybe

Check How to block facebook. It's in Portuguese but you can translate it to English with the Translator at top right of the page. This link has more facebook networks other than that were posted earlier.

Kamel

I've always found it irritating when people dance around my question instead of answering it directly, so I'll try to avoid doing so myself.

I had similar issues with squid/squidguard myself and it was due to the parameters squidguard uses in squid being deleted somehow. I don't know if there is a better way, but what I did was uninstall both squid and squidguard, delete their entries in /var/ (just for extra measure), then install and configure just squid w/ transparent proxy. verify it was working, then install and configure squidguard. This worked for me shrugs YMMV. Just so you know, I have since reinstalled that pfsense box, so I have no idea if there were any issues over a period of time.

Also, in reference to blocking hosts while it may be good for "extra measure", it's kinda like mac address filtering, it really isn't all that helpful in the end. What you want to if you want to make absolute sure a site is blocked is prevent access via IP address (trying to surf to facebook via IP doesn't work anyway), prevent circumvention of DNS settings, and prevent all use of proxy servers and remote login software of any kind. If you can successfully do these things, they wont be able to get to places you dont want them.

joako

Kamel,

But the issue being that if you configure transparent proxy in any way the users just browse over to https://www.facebook.com and access it anyways.

So I found the best way is to block the facebook CIDRs.

Regards,

joako

jigpe

Try my post <http: forum.pfsense.org="" index.php="" topic,39849.msg205547.html#msg205547="">and test it. Make a rule that reject 443/80 ports and destination all CIDR of facebook. It works form me even if they use https or http.

jigp</http:>