Blocking facebook.com on http and https
-
I appreciate all the great advice I have received from this forum. I could not have done this without all of the great info!
Complex but straightforward setup.
pfSense 2.01 latest release, squid, squidguard and lightsquid
VLANs 10, 20, 30, 40, 50, 60, and 70 all coming back to pfSense.
Load balancing a 10mb leased line and two PPPoE connections.
Everything working great including load balancing multi wan with squid.
Trying to block a group of machines from facebook http and https. All of the machines I am trying to block are on VLAN 10.
Trying to use firewall rules to block or drop.
Created an alias with all of the facebook subnets and used it in the rule.
Also tried adding a static entry to the dns server and using that IP address in the FW rule.
Created rules on the vlan 10 firewall rules tab, the floating tab, and both with no success.
Also cleared the states table after each change and tested.
Testing indicates the problem has to do with the allow port 443 rule for all on the vlan 10 FW rule. When I disable the 443 rule all HTTPS traffic is blocked including facebook. But I need 443 for gmail etc.
Will add screenshots tomorrow from work.
Any suggestions are welcome. Can do a G+ screen-share or remote session if helpful.
Thanks.





-
Looks like it is working now.
I removed the floating rule and added more Facebook networks.
Now I will get to work on blocking m.facebook.com.
Will update with any additional info.
-
Looks like it is working now.
I removed the floating rule and added more Facebook networks.
Now I will get to work on blocking m.facebook.com.
Will update with any additional info.
31.13.64.0/18
I get good results by blocking the 31.13.64.0/18 network.
* * * 31.13.64.0/18 * * none block
This is done with the help of the firewall and squid. But facebook can still be accessed with proxy sites. The proxy option is also enabled in squid and squidguard, but there is no way to completely block facebook like the dansguardian proxy without the transparent option.
Thanks
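An added example, not from any poster in this thread: a simplified model of first-match rule evaluation on an interface tab. It shows why a destination missing from the block alias falls through to the allow-443 rule, and how to list observed destinations the alias does not cover. The rule model, function names and sample addresses are assumptions for illustration, and floating rules are not modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Rule:
    action: str               # "block" or "pass"
    dst_nets: List[str]       # alias contents as CIDR strings; [] means "any"
    dst_port: Optional[int]   # None means "any"

def matches(rule: Rule, dst_ip: str, dst_port: int) -> bool:
    ip = ipaddress.ip_address(dst_ip)
    net_ok = not rule.dst_nets or any(
        ip in ipaddress.ip_network(n) for n in rule.dst_nets)
    return net_ok and rule.dst_port in (None, dst_port)

def evaluate(rules, dst_ip, dst_port) -> Tuple[str, Optional[int]]:
    """First matching rule wins; no match falls to the implicit default deny."""
    for number, rule in enumerate(rules, 1):
        if matches(rule, dst_ip, dst_port):
            return rule.action, number
    return "block", None

def uncovered(alias, observed_ips):
    """Observed destinations (e.g. from DNS or firewall logs) the alias misses."""
    nets = [ipaddress.ip_network(n) for n in alias]
    return [ip for ip in observed_ips
            if not any(ipaddress.ip_address(ip) in n for n in nets)]

# Constructed sample data. 198.51.100.0/24 and 203.0.113.0/24 are documentation
# ranges standing in for other networks; 31.13.64.0/18 is the network named in
# the thread; 31.13.70.36 is a made-up address inside it.
PARTIAL_ALIAS = ["198.51.100.0/24"]
FULL_ALIAS = PARTIAL_ALIAS + ["31.13.64.0/18"]

def vlan10_rules(alias):
    # Block rule placed above the allow rules (assumed layout of the VLAN 10 tab).
    return [Rule("block", alias, None), Rule("pass", [], 443), Rule("pass", [], 80)]

if __name__ == "__main__":
    for alias in (PARTIAL_ALIAS, FULL_ALIAS):
        print(alias, evaluate(vlan10_rules(alias), "31.13.70.36", 443))
    print("other HTTPS:", evaluate(vlan10_rules(FULL_ALIAS), "203.0.113.10", 443))
    print("missed:", uncovered(PARTIAL_ALIAS, ["198.51.100.7", "31.13.70.36"]))
```

Feeding `uncovered` the addresses that the blocked hostnames currently resolve to gives a quick check of whether the alias needs more networks.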