Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    HOW TO BLOCKED FACEBOOK PER USER WITHOUT SQUID?

    Scheduled Pinned Locked Moved General pfSense Questions
    12 Posts 6 Posters 1.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L Offline
      larry88
      last edited by

      Hi, Pfsense team.

      Anyone can help? Who's knowledgeable?

      Thank you!!

      best regards,

      Larry

      1 Reply Last reply Reply Quote 0
      • jimpJ Offline
        jimp Rebel Alliance Developer Netgate
        last edited by

        https://doc.pfsense.org/index.php/Blocking_websites

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • ? Offline
          A Former User
          last edited by

          Hi larry88, You can first create in Firewall – Alias and here add a new Alias with name "social_network" and You select URL and add Facebook.com, www.facebook.com and es-la.facebook.com and save. After of this create in Firewall rules in LAN a one políticas from host (192.168.x.y) to Alias "social_network" Port destiny HTTPS and create other rule dame but with HTTP and this all. Tell me this work for You.

          1 Reply Last reply Reply Quote 0
          • jimpJ Offline
            jimp Rebel Alliance Developer Netgate
            last edited by

            @klausneil:

            Hi larry88, You can first create in Firewall – Alias and here add a new Alias with name "social_network" and You select URL and add Facebook.com, www.facebook.com and es-la.facebook.com and save. After of this create in Firewall rules in LAN a one políticas from host (192.168.x.y) to Alias "social_network" Port destiny HTTPS and create other rule dame but with HTTP and this all. Tell me this work for You.

            That is not an effective way to block a site such as Facebook. See the link I posted for a better solution.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • ? Offline
              A Former User
              last edited by

              That is not an effective way to block a site such as Facebook. See the link I posted for a better solution.

              Relax jimp, this work for me and i shared with larry88 if you do not like, well, i not force to follow only comment my expirence. Bye.

              1 Reply Last reply Reply Quote 0
              • jimpJ Offline
                jimp Rebel Alliance Developer Netgate
                last edited by

                If it works, it works by accident or luck. It is not a good solution. Spreading bad information doesn't help anyone.

                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                Need help fast? Netgate Global Support!

                Do not Chat/PM for help!

                1 Reply Last reply Reply Quote 0
                • ? Offline
                  A Former User
                  last edited by

                  The lucky there not exists only the facts (at least in science), but if you think you have the right, we can do, just ignore what I proposed and be happy. bye

                  1 Reply Last reply Reply Quote 0
                  • BBcan177B Offline
                    BBcan177 Moderator
                    last edited by

                    @klausneil:

                    Hi larry88, You can first create in Firewall – Alias and here add a new Alias with name "social_network" and You select URL and add Facebook.com, www.facebook.com and es-la.facebook.com and save. After of this create in Firewall rules in LAN a one políticas from host (192.168.x.y) to Alias "social_network" Port destiny HTTPS and create other rule dame but with HTTP and this all. Tell me this work for You.

                    Hi klausneil,

                    The reason why this solution is not ideal, is that when you create the pfSense Alias for those Facebook URLs, it pulls only a small group of IPs for those URLs. Since Facebook can use a lot of different IP addresses, this solution is hit/miss. The URL alias is also not updated that frequently.

                    To block a site like Facebook, you have a couple options:

                    1. Proxy Server (ie: Squid)

                    2. DNS Override - "redirect" any DNS request to those URLs to 127.0.0.1, but users can still get around that by using the IP address in the Browser, since it doesn't require DNS resolution.

                    3. JimP posted a link above which collects the IPs for an AS number. These IPs can then be used more effectively in a blocklist.

                    This can be automated with the pkg - pfBlockerNG:
                    https://www.reddit.com/r/PFSENSE/comments/402a89/facebook_block_not_working/

                    Hope that helps…

                    edit:

                    1. Use the Snort OpenAppID processor.

                    "Experience is something you don't get until just after you need it."

                    Website: http://pfBlockerNG.com
                    Twitter: @BBcan177  #pfBlockerNG
                    Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                    1 Reply Last reply Reply Quote 0
                    • ? Offline
                      A Former User
                      last edited by

                      thanks BBcan177 by response. I will keep it in mind, good luck

                      1 Reply Last reply Reply Quote 0
                      • L Offline
                        larry88
                        last edited by

                        Sir, jimp, klausneil, BBcan177

                        still not working…how to fixed it if without squid? is just like linksys router can you do that as simply code..
                        but our purpose is government employee's...so, We need two options1,2.; defficult and easy setup for blocking website..

                        Thank you!!

                        1 Reply Last reply Reply Quote 0
                        • KOMK Offline
                          KOM
                          last edited by

                          Perhaps if you posted your work, we could see what you have tried to do.  The solutions already mentioned work just fine.

                          1 Reply Last reply Reply Quote 0
                          • A Offline
                            AR15USR
                            last edited by

                            @BBcan177:

                            1. Use the Snort OpenAppID processor.

                            BBcan177, could you post on how to do this, or a link? If I remember correctly there are no GUI settings to facilitate this (other than just turning on the OpenAppID processor)..


                            2.6.0-RELEASE

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.