    Netgate Discussion Forum
    Blocking facebook

      nitaish last edited by

      I have blocked Facebook in pfSense, but people are still able to access Facebook when they try HTTPS. How can I ensure Facebook is blocked even when it is accessed via HTTPS? I don't want to block port 443 in the pfSense firewall since we need to open lots of URLs running on HTTPS. Can anybody suggest a way?

        skear last edited by

        If you are using pfSense 1.2.x you could use the DNS Blacklist package to block certain URLs.  Unfortunately the package hasn't been updated for pfSense 2.0 yet.  Hopefully the author will update it soon.

          nitaish last edited by

          I found an option from the forum itself. Go to http://forum.pfsense.org/index.php/topic,34321.0.html. I also added another IP range, 69.171.224.0/19, since Facebook also uses this range. Now Facebook is entirely blocked unless they add another network.

            jimp Rebel Alliance Developer Netgate last edited by

            Try several more:

            69.63.176.0/20 66.220.144.0/20 204.15.20.0/22 69.171.224.0/19 74.119.76.0/22 173.252.64.0/18

            http://whois.arin.net/rest/org/THEFA-3/nets

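As an added example (not part of the thread and not pfSense code), here is a Python check of how well a static range list like the one above covers the addresses clients actually reach. The observed addresses are constructed from documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# CIDR ranges quoted in the thread.
BLOCKED = [
    "69.63.176.0/20", "66.220.144.0/20", "204.15.20.0/22",
    "69.171.224.0/19", "74.119.76.0/22", "173.252.64.0/18",
]

# Constructed sample: addresses a client was seen connecting to for the site.
# The last two stand for "a network added later" and an IPv6 answer.
OBSERVED = ["69.171.230.5", "173.252.100.27", "198.51.100.7", "2001:db8::face"]


def load_networks(cidrs):
    """Parse CIDRs and merge duplicates/overlaps.

    strict=True raises ValueError for entries with host bits set
    (for example a mistyped 69.171.224.1/19), so typos surface here
    instead of silently becoming a rule that matches the wrong range.
    """
    nets = [ipaddress.ip_network(c, strict=True) for c in cidrs]
    merged = []
    for version in (4, 6):  # collapse_addresses rejects mixed versions
        same = [n for n in nets if n.version == version]
        merged.extend(ipaddress.collapse_addresses(same))
    return merged


def uncovered(addresses, networks):
    """Return the addresses that no blocked network contains."""
    missing = []
    for text in addresses:
        ip = ipaddress.ip_address(text)
        if not any(ip.version == n.version and ip in n for n in networks):
            missing.append(text)
    return missing


if __name__ == "__main__":
    nets = load_networks(BLOCKED)
    for addr in uncovered(OBSERVED, nets):
        print("not covered by the alias:", addr)
```

An IPv4-only list never matches an IPv6 destination, so the IPv6 sample is always reported as uncovered.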
              nitaish last edited by

              Thx a lot Jimp. I added Facebook in DNS forwarding and am now forwarding it to my local IP. This has disabled Facebook completely.

                jimp Rebel Alliance Developer Netgate last edited by

                @nitaish:

                Thx a lot Jimp. I added Facebook in DNS forwarding and am now forwarding it to my local IP. This has disabled Facebook completely.

                If you do that, make sure you also block access to outside/external DNS servers, or someone can just hardcode the DNS on their PC to get past that.

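As an added example (not part of the thread), this Python sketch checks firewall log records for clients that reached a DNS server other than the firewall's forwarder, which is the bypass described above. The log format is a simplified, constructed one (not pfSense's own log format), and the resolver address and function names are assumptions.

```python
from collections import defaultdict

RESOLVER = "192.168.1.1"  # assumed LAN address of the firewall's DNS forwarder

# Constructed log lines: time action proto source destination dest_port
SAMPLE_LOG = """\
10:01:02 pass udp 192.168.1.20 192.168.1.1 53
10:01:05 pass udp 192.168.1.34 203.0.113.53 53
10:01:09 block tcp 192.168.1.34 203.0.113.53 53
10:02:11 pass tcp 192.168.1.20 198.51.100.80 443
10:03:40 block udp 192.168.1.57 203.0.113.8 53
malformed line
"""


def external_dns(log_text, resolver=RESOLVER):
    """Map each client to the outside DNS servers it tried, split by action."""
    hits = defaultdict(lambda: {"pass": set(), "block": set()})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip records that do not match the assumed format
        _, action, proto, src, dst, dport = fields
        if dport != "53" or proto not in ("udp", "tcp") or dst == resolver:
            continue
        if action in ("pass", "block"):
            hits[src][action].add(dst)
    return dict(hits)


def bypassing_clients(log_text, resolver=RESOLVER):
    """Clients whose DNS to an outside server was passed.

    A passed record means the block rule is missing, ordered after an
    allow rule, or covers only one of TCP/UDP.
    """
    found = external_dns(log_text, resolver)
    return sorted(c for c, h in found.items() if h["pass"])


if __name__ == "__main__":
    for client in bypassing_clients(SAMPLE_LOG):
        print("external DNS allowed for", client)
```

Clients that appear only under "block" show the rule working; they are still worth noting because they have a hardcoded resolver.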
                  nitaish last edited by

                  Already done that. Thx for advice Jimp.

                    afstcklnd last edited by

                    And leave your IP blocking in place against the sneaky people who edit their hosts file :)

                      bman212121 last edited by

                      Or people who just keep an IP handy for facebook.com cause they are that addicted. :p

                      You should point facebook.com to an internal webserver that brings up a page that says get back to work! ;)

                        thanatos2k last edited by

                        What about all the web auto-proxy services that will not use facebook's IPs or DNS? You'll need some internal monitoring to catch those, unless you manually blacklist all of them.

                          jimp Rebel Alliance Developer Netgate last edited by

                          There are only so many technical solutions to a social/HR problem. No technical solution will ever be perfect.

                          If you put up all of these barriers and someone still gets on Facebook, they should be disciplined/fired/etc.

                          They'll probably give up doing it on the PC and just use Facebook on their smartphones all day anyhow.

                            thanatos2k last edited by

                            A much more succinct version of what I was getting at, Jimp.

                            I'm going to use that line next time a client asks me to block site <whatever>. They've got to change the culture rather than rely on a lazy technical solution.
