how to blocking Facebook but not whatsapp



  • Hello!
    I did try block face by face IPs list aliases BUT, it blocks whatsapp web (chat, download and files uploads) too
    I did read many topics about this from many users, still very difficult for some people. I am trying follow config mode. Before continue to search solution that works, I would like to know if somebody can get works well.

    Thanks you so much


  • Galactic Empire

    Try using Snort on the LAN interface and enable blocking Facebook via openappid and the openappid-social_networking rule.



  • The Whatsapp have moved to the facebook server IP means if you block the facebook IP than all the media of the whatsapp are also blocked.

    The solution is blocking the facebook and whatsapp both to all rule and before that make another rule allowing the particular allowed client/IP which is not blocked at all.

    You can try snort, but I am unsucessfull to implement.



  • Thanks Tejas!

    We have other problem about this. We have rotes to other 43 points. Each point has Nat Outbound created automatic from PFSense. I am Trying to block some routes IP in block rule Face IPs, but not works!

    0_1531923619397_route.png

    Why does not pfsense respect the block rule or what can be wrong?



    • My guess is you have to reset the states. Diagnostic->states->Reset states. Since PFSense is a state-full firewall means, everything is blocked by default from WAN->LAN, but if from inside the LAN anyone access any IP than a state is created/opened.

    I don't know the reason, why you choose such method to block the facebook and not the straight forward and easy method.

    1. Just create alias FB_Allow with all the IPs or the range which is allowed to access facebook. and the Facebook_IP allias with all the facebook IP.( PS execute this command from PFSense 'whois -h whois.radb.net -- '-i origin AS32934' | grep ^route | grep -v route6 | cut -d" " -f7' to get all the facebook IP).

    2. Create a rule in the with in LAN Tab -> with source FB_Allow, port * to Destination * or Facebook_IP with port *.

    3. Make another rule below it in LAN Tab of the firewall rule blocking every other IP with facebook blocked by choosing source * port * and destination IP with allias Facebook_IP with port *.

    4. Change accordingly and most important I am also not an expert but learning.



  • Tejas!
    Sorry!

    Thanks your help and attention!
    Great

    Douglas