How to block facebook?



  • i'm having trouble with squid and squid guard..
    let's say i want to block facebook so i already installed squid and squid guard..

    and i already set the configuration like tutorial do..
    but i want to enable transparent proxy so i don't need to setup proxy browser on every client..
    i put the default rule to deny all traffic.. (just for test that squid and squid guard is working)
    but yet i still can browse anything..
    but when i disable the transparent proxy and setup proxy browser it's work..
    do u have any idea how to solve it??
    regards



  • I would block facebook in Squid on the access control setting page. When you start adding huge lists squid may act a little strange but small lists will do perfect.
    If its just one domain you want to block I would recommend just using squid, uninstall SquidGuard.



  • @tommyboy180:

    I would block facebook in Squid on the access control setting page. When you start adding huge lists squid may act a little strange but small lists will do perfect.
    If its just one domain you want to block I would recommend just using squid, uninstall SquidGuard.

    actually i want to block all the porn sites too.. it's too many of them if i'm not using squidguard..
    and what's the solution about transparent proxy failed??
    if i'm using transparent proxy i don't need to setup browser proxy right?



  • I think it will work in Firewall>Rules>Lan.. Im not sure if you cn block there.
    jigp
    Davao City



  • well,
    alow all
    and on chat or socialnetwork set deny and thats it …



  • Ok thanks ill try that too.
    OT: is there a way to change the default proxy squid host and port 3128? I have a private proxy and port but upon reading the /var/squid its not there anymore…
    jigp
    Davao City



  • just use transparent proxy it is easy way to set it up



  • @josey:

    just use transparent proxy it is easy way to set it up

    i have some problem with transparent proxy since i used bridge method..
    dvserg say bridge method can't use transparent proxy..
    and if i'm not using bridge method.. i can't connect to internet..
    weird isn't it?
    or i'm dumb enough..
    dunno which one



  • How about using OpenDNS?

    So far it's worked perfectly for me in about 10 clients' offices.

    We had to make squid use OpenDNS's DNS servers and kept everything else on the respective ISP's DNS servers because OpenDNS was occasionally blocking access to hotmail's MX records etc, which caused problems with outbound mail.



  • Thanks. I will use opendns again. Though some sites are blocked without setting up the menu there in the opendns site :(
    Sometimes i disabled opendns just to access the site..

    thanks,
    jigp
    Davao City



  • My solution was to create an Alias with the following network entries
    66.220.144.0/20
    69.63.176.0/20
    204.15.20.0/22

    and then block that Alias in firewall rules.



  • FACEBOOK_ALLOW="192.168.1.12 192.168.1.14 192.168.1.111"
    iptables -N FACEBOOK

    iptables -I FORWARD -m tcp -p tcp -m iprange –dst-range 66.220.144.0-66.220.159.255 --dport 443 -j FACEBOOK
    iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 69.63.176.0-69.63.191.255 --dport 443 -j FACEBOOK
    iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 204.15.20.0-204.15.23.255 --dport 443 -j FACEBOOK
    iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 66.220.144.0-66.220.159.255 --dport 80 -j FACEBOOK
    iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 69.63.176.0-69.63.191.255 --dport 80 -j FACEBOOK
    iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 204.15.20.0-204.15.23.255 --dport 80 -j FACEBOOK

    FACEBOOK ALLOW

    for face in $FACEBOOK_ALLOW; do
        iptables -A FACEBOOK -s $face -j ACCEPT
    done
    iptables -A FACEBOOK -j REJECT



  • Which would be better if pfSense was Linux ;)



  • no no….. list of IP's facebook use. Thats all. Should have made that clear.



  • Hi try my post. It work for me and the rest of my friends. Search "How to block facebook in 4 ways" or click this link http://forum.pfsense.org/index.php/topic,39849.msg205547.html#msg205547

    jigp



  • @MikeKulls:

    My solution was to create an Alias with the following network entries
    66.220.144.0/20
    69.63.176.0/20
    204.15.20.0/22

    and then block that Alias in firewall rules.

    This appears to work for me as long as I've disabled ipv6 support (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. In windows, stop and disable the service "IP Helper".



  • Blocking apps.facebook.com will do the job too.



  • Check How to block facebook. It's in Portuguese but you can translate it to English with the Translator at top right of the page. This link has more facebook networks other than that were posted earlier.



  • I've always found it irritating when people dance around my question instead of answering it directly, so I'll try to avoid doing so myself.

    I had similar issues with squid/squidguard myself and it was due to the parameters squidguard uses in squid being deleted somehow. I don't know if there is a better way, but what I did was uninstall both squid and squidguard, delete their entries in /var/ (just for extra measure), then install and configure just squid w/ transparent proxy. verify it was working, then install and configure squidguard. This worked for me shrugs YMMV. Just so you know, I have since reinstalled that pfsense box, so I have no idea if there were any issues over a period of time.

    Also, in reference to blocking hosts while it may be good for "extra measure", it's kinda like mac address filtering, it really isn't all that helpful in the end. What you want to if you want to make absolute sure a site is blocked is prevent access via IP address (trying to surf to facebook via IP doesn't work anyway), prevent circumvention of DNS settings, and prevent all use of proxy servers and remote login software of any kind. If you can successfully do these things, they wont be able to get to places you dont want them.



  • Kamel,

    But the issue being that if you configure transparent proxy in any way the users just browse over to https://www.facebook.com and access it anyways.

    So I found the best way is to block the facebook CIDRs.

    Regards,

    joako



  • Try my post <http: forum.pfsense.org="" index.php="" topic,39849.msg205547.html#msg205547="">and test it. Make a rule that reject 443/80 ports and destination all CIDR of facebook. It works form me even if they use https or http.

    jigp</http:>


Log in to reply