How to block facebook?
-
FACEBOOK_ALLOW="192.168.1.12 192.168.1.14 192.168.1.111"
iptables -N FACEBOOKiptables -I FORWARD -m tcp -p tcp -m iprange –dst-range 66.220.144.0-66.220.159.255 --dport 443 -j FACEBOOK
iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 69.63.176.0-69.63.191.255 --dport 443 -j FACEBOOK
iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 204.15.20.0-204.15.23.255 --dport 443 -j FACEBOOK
iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 66.220.144.0-66.220.159.255 --dport 80 -j FACEBOOK
iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 69.63.176.0-69.63.191.255 --dport 80 -j FACEBOOK
iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 204.15.20.0-204.15.23.255 --dport 80 -j FACEBOOKFACEBOOK ALLOW
for face in $FACEBOOK_ALLOW; do
iptables -A FACEBOOK -s $face -j ACCEPT
done
iptables -A FACEBOOK -j REJECT -
Which would be better if pfSense was Linux ;)
-
no no….. list of IP's facebook use. Thats all. Should have made that clear.
-
Hi try my post. It work for me and the rest of my friends. Search "How to block facebook in 4 ways" or click this link http://forum.pfsense.org/index.php/topic,39849.msg205547.html#msg205547
jigp
-
My solution was to create an Alias with the following network entries
66.220.144.0/20
69.63.176.0/20
204.15.20.0/22and then block that Alias in firewall rules.
This appears to work for me as long as I've disabled ipv6 support (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. In windows, stop and disable the service "IP Helper".
-
Blocking apps.facebook.com will do the job too.
-
Check How to block facebook. It's in Portuguese but you can translate it to English with the Translator at top right of the page. This link has more facebook networks other than that were posted earlier.
-
I've always found it irritating when people dance around my question instead of answering it directly, so I'll try to avoid doing so myself.
I had similar issues with squid/squidguard myself and it was due to the parameters squidguard uses in squid being deleted somehow. I don't know if there is a better way, but what I did was uninstall both squid and squidguard, delete their entries in /var/ (just for extra measure), then install and configure just squid w/ transparent proxy. verify it was working, then install and configure squidguard. This worked for me shrugs YMMV. Just so you know, I have since reinstalled that pfsense box, so I have no idea if there were any issues over a period of time.
Also, in reference to blocking hosts while it may be good for "extra measure", it's kinda like mac address filtering, it really isn't all that helpful in the end. What you want to if you want to make absolute sure a site is blocked is prevent access via IP address (trying to surf to facebook via IP doesn't work anyway), prevent circumvention of DNS settings, and prevent all use of proxy servers and remote login software of any kind. If you can successfully do these things, they wont be able to get to places you dont want them.
-
Kamel,
But the issue being that if you configure transparent proxy in any way the users just browse over to https://www.facebook.com and access it anyways.
So I found the best way is to block the facebook CIDRs.
Regards,
joako
-
Try my post <http: forum.pfsense.org="" index.php="" topic,39849.msg205547.html#msg205547="">and test it. Make a rule that reject 443/80 ports and destination all CIDR of facebook. It works form me even if they use https or http.
jigp</http:>
