HOW TO BLOCKED FACEBOOK PER USER WITHOUT SQUID?



  • Hi, Pfsense team.

    Anyone can help? Who's knowledgeable?

    Thank you!!

    best regards,

    Larry


  • Rebel Alliance Developer Netgate



  • Hi larry88, You can first create in Firewall – Alias and here add a new Alias with name "social_network" and You select URL and add Facebook.com, www.facebook.com and es-la.facebook.com and save. After of this create in Firewall rules in LAN a one políticas from host (192.168.x.y) to Alias "social_network" Port destiny HTTPS and create other rule dame but with HTTP and this all. Tell me this work for You.


  • Rebel Alliance Developer Netgate

    @klausneil:

    Hi larry88, You can first create in Firewall – Alias and here add a new Alias with name "social_network" and You select URL and add Facebook.com, www.facebook.com and es-la.facebook.com and save. After of this create in Firewall rules in LAN a one políticas from host (192.168.x.y) to Alias "social_network" Port destiny HTTPS and create other rule dame but with HTTP and this all. Tell me this work for You.

    That is not an effective way to block a site such as Facebook. See the link I posted for a better solution.



  • That is not an effective way to block a site such as Facebook. See the link I posted for a better solution.

    Relax jimp, this work for me and i shared with larry88 if you do not like, well, i not force to follow only comment my expirence. Bye.


  • Rebel Alliance Developer Netgate

    If it works, it works by accident or luck. It is not a good solution. Spreading bad information doesn't help anyone.



  • The lucky there not exists only the facts (at least in science), but if you think you have the right, we can do, just ignore what I proposed and be happy. bye


  • Moderator

    @klausneil:

    Hi larry88, You can first create in Firewall – Alias and here add a new Alias with name "social_network" and You select URL and add Facebook.com, www.facebook.com and es-la.facebook.com and save. After of this create in Firewall rules in LAN a one políticas from host (192.168.x.y) to Alias "social_network" Port destiny HTTPS and create other rule dame but with HTTP and this all. Tell me this work for You.

    Hi klausneil,

    The reason why this solution is not ideal, is that when you create the pfSense Alias for those Facebook URLs, it pulls only a small group of IPs for those URLs. Since Facebook can use a lot of different IP addresses, this solution is hit/miss. The URL alias is also not updated that frequently.

    To block a site like Facebook, you have a couple options:

    1. Proxy Server (ie: Squid)

    2. DNS Override - "redirect" any DNS request to those URLs to 127.0.0.1, but users can still get around that by using the IP address in the Browser, since it doesn't require DNS resolution.

    3. JimP posted a link above which collects the IPs for an AS number. These IPs can then be used more effectively in a blocklist.

    This can be automated with the pkg - pfBlockerNG:
    https://www.reddit.com/r/PFSENSE/comments/402a89/facebook_block_not_working/

    Hope that helps…

    edit:

    1. Use the Snort OpenAppID processor.


  • thanks BBcan177 by response. I will keep it in mind, good luck



  • Sir, jimp, klausneil, BBcan177

    still not working…how to fixed it if without squid? is just like linksys router can you do that as simply code..
    but our purpose is government employee's...so, We need two options1,2.; defficult and easy setup for blocking website..

    Thank you!!



  • Perhaps if you posted your work, we could see what you have tried to do.  The solutions already mentioned work just fine.



  • @BBcan177:

    1. Use the Snort OpenAppID processor.

    BBcan177, could you post on how to do this, or a link? If I remember correctly there are no GUI settings to facilitate this (other than just turning on the OpenAppID processor)..


Log in to reply