List of IP Space used by Facebook



  • To block facebook, use thier current IPs list as of 2013-01-01:

    74.119.76.0/22 2012-12-18 08:00:00 UTC 2013-01-01 08:00:00 UTC
    69.63.184.0/21 2012-12-18 08:00:00 UTC 2013-01-01 08:00:00 UTC
    69.63.176.0/24 2012-12-18 08:00:00 UTC 2013-01-01 08:00:00 UTC
    69.63.176.0/21 2012-12-18 08:00:00 UTC 2013-01-01 08:00:00 UTC
    69.171.255.0/24 2012-12-18 08:00:00 UTC 2013-01-01 08:00:00 UTC
    69.171.240.0/20 2012-12-18 08:00:00 UTC 2013-01-01 08:00:00 UTC
    69.171.239.0/24 2012-12-18 08:00:00 UTC 2013-01-01 08:00:00 UTC
    69.171.224.0/20 2012-12-18 08:00:00 UTC 2013-01-01 08:00:00 UTC
    66.220.152.0/21 2012-12-18 08:00:00 UTC 2013-01-01 08:00:00 UTC
    66.220.144.0/21 2012-12-18 08:00:00 UTC 2013-01-01 08:00:00 UTC
    31.13.96.0/19 2012-12-18 08:00:00 UTC 2013-01-01 08:00:00 UTC
    31.13.82.0/24 2012-12-18 08:00:00 UTC 2013-01-01 08:00:00 UTC
    31.13.81.0/24 2012-12-18 08:00:00 UTC 2013-01-01 08:00:00 UTC
    31.13.80.0/24 2012-12-18 08:00:00 UTC 2013-01-01 08:00:00 UTC
    31.13.79.0/24 2012-12-18 08:00:00 UTC 2013-01-01 08:00:00 UTC
    31.13.78.0/24 2012-12-18 08:00:00 UTC 2013-01-01 08:00:00 UTC
    31.13.77.0/24 2012-12-18 08:00:00 UTC 2013-01-01 08:00:00 UTC
    31.13.76.0/24 2012-12-18 08:00:00 UTC 2013-01-01 08:00:00 UTC
    31.13.75.0/24 2012-12-18 08:00:00 UTC 2013-01-01 08:00:00 UTC
    31.13.74.0/24 2012-12-18 08:00:00 UTC 2013-01-01 08:00:00 UTC
    31.13.73.0/24 2012-12-18 08:00:00 UTC 2013-01-01 08:00:00 UTC
    31.13.72.0/24 2012-12-18 08:00:00 UTC 2013-01-01 08:00:00 UTC
    31.13.71.0/24 2012-12-18 08:00:00 UTC 2013-01-01 08:00:00 UTC
    31.13.70.0/24 2012-12-18 08:00:00 UTC 2013-01-01 08:00:00 UTC
    31.13.69.0/24 2012-12-18 08:00:00 UTC 2013-01-01 08:00:00 UTC
    31.13.66.0/24 2012-12-18 08:00:00 UTC 2013-01-01 08:00:00 UTC
    31.13.65.0/24 2012-12-18 08:00:00 UTC 2013-01-01 08:00:00 UTC
    31.13.64.0/24 2012-12-18 08:00:00 UTC 2013-01-01 08:00:00 UTC
    31.13.64.0/19 2012-12-18 08:00:00 UTC 2013-01-01 08:00:00 UTC
    31.13.24.0/21 2012-12-18 08:00:00 UTC 2013-01-01 08:00:00 UTC
    204.15.20.0/22 2012-12-18 08:00:00 UTC 2013-01-01 08:00:00 UTC
    173.252.96.0/19 2012-12-18 08:00:00 UTC 2013-01-01 08:00:00 UTC
    173.252.70.0/24 2012-12-18 08:00:00 UTC 2013-01-01 08:00:00 UTC
    173.252.64.0/19 2012-12-18 08:00:00 UTC 2013-01-01 08:00:00 UTC
    103.4.96.0/22 2012-12-18 08:00:00 UTC 2013-01-01 08:00:00 UTC

    Facebook IPv6 IPs:
    2a03:2880:f006::/48 2012-12-18 08:00:00 UTC 2013-01-01 08:00:00 UTC
    2a03:2880::/32 2012-12-18 08:00:00 UTC 2013-01-01 08:00:00 UTC
    2620:0:1cff::/48 2012-12-18 08:00:00 UTC 2013-01-01 08:00:00 UTC
    2620:0:1c00::/40 2012-12-18 08:00:00 UTC 2013-01-01 08:00:00 UTC

    Hope this help.

    jigp


  • Banned

    NetRange:      173.252.64.0 - 173.252.127.255
    CIDR:          173.252.64.0/18

    Much easier….



  • Thanks! But they have alot of IPs range.



  • Latest IPs list as of January 8, 2013 6:48:02.01

    IPV4 IPs:
    route:      204.15.20.0/22
    route:      69.63.176.0/20
    route:      66.220.144.0/20
    route:      66.220.144.0/21
    route:      69.63.184.0/21
    route:      69.63.176.0/21
    route:      74.119.76.0/22
    route:      69.171.255.0/24
    route:      173.252.64.0/18
    route:      69.171.224.0/19
    route:      69.171.224.0/20
    route:      103.4.96.0/22
    route:      69.63.176.0/24
    route:      173.252.64.0/19
    route:      173.252.70.0/24
    route:      31.13.64.0/18
    route:      31.13.24.0/21
    route:      66.220.152.0/21
    route:      66.220.159.0/24
    route:      69.171.239.0/24
    route:      69.171.240.0/20
    route:      31.13.64.0/19
    route:      31.13.64.0/24
    route:      31.13.65.0/24
    route:      31.13.67.0/24
    route:      31.13.68.0/24
    route:      31.13.69.0/24
    route:      31.13.70.0/24
    route:      31.13.71.0/24
    route:      31.13.72.0/24
    route:      31.13.73.0/24
    route:      31.13.74.0/24
    route:      31.13.75.0/24
    route:      31.13.76.0/24
    route:      31.13.77.0/24
    route:      31.13.96.0/19
    route:      31.13.66.0/24
    route:      173.252.96.0/19
    route:      69.63.178.0/24
    route:      31.13.78.0/24
    route:      31.13.79.0/24
    route:      31.13.80.0/24
    route:      31.13.82.0/24
    route:      31.13.83.0/24
    route:      31.13.84.0/24
    route:      31.13.85.0/24
    route:      31.13.86.0/24
    route:      31.13.87.0/24
    route:      31.13.88.0/24
    route:      31.13.89.0/24
    route:      31.13.90.0/24
    route:      31.13.91.0/24
    route:      31.13.92.0/24
    route:      31.13.93.0/24
    route:      31.13.94.0/24
    route:      31.13.95.0/24
    route:      69.171.253.0/24
    route:      69.63.186.0/24
    route:      204.15.20.0/22
    route:      69.63.176.0/20
    route:      69.63.176.0/21
    route:      69.63.184.0/21
    route:      66.220.144.0/20
    route:          69.63.176.0/20

    IPV6 IPs:
    route6:     2620:0:1c00::/40
    route6:     2a03:2880::/32
    route6:     2401:DB00::/32
    route6:     2a03:2880:fffe::/48
    route6:     2a03:2880:ffff::/48
    route6:     2620:0:1cff::/48


  • Banned

    But if you block det main domain, then subdomains will also be blocked….


  • Rebel Alliance Developer Netgate

    http://whois.arin.net/rest/org/THEFA-3/nets should always be up-to-date for ARIN at least. Not sure if the other organizations keep such handy links around…



  • @jimp:

    http://whois.arin.net/rest/org/THEFA-3/nets should always be up-to-date for ARIN at least. Not sure if the other organizations keep such handy links around…

    This is much better (i think)
    http://bgp.he.net/AS32934#_prefixes



  • I noticed that Facebook added several new IP ranges in the past 12 months.

    While there are several ways to do filtering (e.g. url filtering with a proxy), there are a few websites (e.g. Facebook and Google for Gmail, GoogleApps) that practically every network administrator in the world will just have to deal with one way or another. Last year I posted a related feature request Maintain IP range tables for popular Internet sites.

    IMHO it would be very convenient for many net admins (especially less experienced ones), if pfSense provided them an easy way to keep such aliases up-to-date (and if they were given a choice, I bet the majority would choose to have those files maintained on files.pfsense.org vs the full-bogons lists LOL)


  • Rebel Alliance Developer Netgate

    It's an easy feature to suggest, but it's a lot of work for us to implement and even more to maintain. There are places like countryipblocks that keep lists and they charge now because they've found that doing it for free isn't feasible. Having to constantly research those sites every few days/weeks/months is not something that will be easy to automate, if it's even possible.

    Sounds like something that could be added to pfBlocker if someone wanted to make the effort to maintain the lists.



  • Jimp, I didn't mean that people should maintain these lists manually. When I first suggested that feature 1+ year ago, I had just quickly hacked together a shell script that would run on pfsense and would compile the IP ranges of Google using the recommended method (i.e. spf records) and load them as pf table. I'll search for the script and post it, if others are interested.

    Unfortunately, as Ermal pointed out in the redmine ticket, this method isn't universal.



  • @jimp:

    Sounds like something that could be added to pfBlocker if someone wanted to make the effort to maintain the lists.

    see this thread http://forum.pfsense.org/index.php/topic,57386.0.html


Locked