How to block HTTPS Facebook and Youtube in a specific time and IP range??



  • pfSense masters! can you teach me how to block HTTPS Facebook and Youtube in a specific  time and IP range? Or to block all HTTPS Facebook and Youtube traffic and specify only the allowed time for users to have access. Comments will be deeply appreciated. Thanks!



  • Hi,

    You will have to install squid and squidguard.

    Also to block https sites you have to enable SSL Filtering. Chose the option Splice whitelist and Bump otherwise. Create a whitelist of https site which you want to pass. Rest all will be bumped.

    Hope this helps you.
    Ashima



  • Hi,

    I was able to block those 2 sites without using any packages. Using only the firewall rules, you can achieve this.

    What I did is, first identify those sites IP address ranges, you might find this part difficult.
    But if you manage to collect and identify the correct IPs, you will get what you want. You may try to search 'ipinfo facebook'

    Lets assume you already got the IPs, next you need to do is create an alias and add those IPs you just collected. Then next create a firewall rule on that interface and set it to block/reject, set protocol to tcp/udp or any, source ip to any and finally destination ip select single host or alias and input the alias name you just created.

    You can also assign schedules by creating a schedule by going to Firewall > Schedule then after creating a schedule, go edit your firewall rule and go to advance options and look for 'schedule'

    Note* blocking youtube using IP address might affect google, I just figured it out that there are times youtube and google has the same IP.

    1. Login to pfSense
    2. Firewall > Aliases
    3. Firewall > Schedule
    4. Firewall > Rules
    –----action: block
    ------protocol: any
    ------source ip: any
    ------destination ip: single host or alias (alias name)
    ------advance options: schedule



  • @pf$george:

    Hi,

    I was able to block those 2 sites without using any packages. Using only the firewall rules, you can achieve this.

    What I did is, first identify those sites IP address ranges, you might find this part difficult.
    But if you manage to collect and identify the correct IPs, you will get what you want. You may try to search 'ipinfo facebook'

    Lets assume you already got the IPs, next you need to do is create an alias and add those IPs you just collected. Then next create a firewall rule on that interface and set it to block/reject, set protocol to tcp/udp or any, source ip to any and finally destination ip select single host or alias and input the alias name you just created.

    You can also assign schedules by creating a schedule by going to Firewall > Schedule then after creating a schedule, go edit your firewall rule and go to advance options and look for 'schedule'

    Note* blocking youtube using IP address might affect google, I just figured it out that there are times youtube and google has the same IP.

    1. Login to pfSense
    2. Firewall > Aliases
    3. Firewall > Schedule
    4. Firewall > Rules
    –----action: block
    ------protocol: any
    ------source ip: any
    ------destination ip: single host or alias (alias name)
    ------advance options: schedule

    Thank you for this! Will try this one if it is effective. Dont you have problems with youtube side? Some tell's that you might also block other google services when blocking youtube IPs.



  • @pf$george how did you get all IPs of Facebook? Did you list down all IP ranges stated in the https://ipinfo.io/AS32934 website?