Netgate Discussion Forum

    Chrome circumvents the firewall!!!

    Firewalling
    10 Posts 7 Posters 2.5k Views
      mago.barca

      Hello everyone:

      I set up the firewall to block facebook.com using the Facebook CIDR network given by 173.252.64.0/18. I'm running the HTTP proxy server Squid along with the network analyzer Lightsquid. The proxy is not transparent and I'm using the default port 3128. So here is the weird thing: Facebook is completely blocked using IE and Firefox, but I can still navigate Facebook using Chrome. BTW, I used Internet Options to set the proxy to the pfSense host with port 3132. Any idea why that is happening? How can I fix this? Thanks.

        doktornotor Banned

        @mago.barca:

        facebook cidr network given by 173.252.64.0/18

        Vastly incomplete… http://bgp.he.net/AS32934

        @mago.barca:

        I'm running http proxy server

        Considering the entire facebook is HTTPS, just what exactly do you think you are proxying?

          mago.barca

          You are right! The CIDR network that I have is for facebook.com. This one is for www.facebook.com: 66.220.144.0/20.

          I am using the proxy because I like to have Lightsquid to monitor the utilization of the network. I am going to apply the additional network and see what happens.

          Thanks.

            phil.davis

            There is a long list of IPs potentially used by Facebook.
            This is how I do it: https://forum.pfsense.org/index.php?topic=69860.msg383922#msg383922

            As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
            If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

              BBcan177 Moderator

              List is also available in Hurricane Electric IPv4 and v6…. Easy to use with pfBlockerNG.

              http://bgp.he.net/search?search%5Bsearch%5D=facebook&commit=Search

              "Experience is something you don't get until just after you need it."

              Website: http://pfBlockerNG.com
              Twitter: @BBcan177  #pfBlockerNG
              Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                mago.barca

                After using your reference to the complete list of Facebook CIDRs, the firewall blocked Facebook completely (no Squid is installed). However, once I installed and configured Squid, the firewall rule is broken and I'm able to access Facebook completely, whether Squid is configured to be transparent or not! Why is that???

                Thanks.

                  Hugovsky

                  If you want to block facebook entirely, just set facebook.com to 0.0.0.0 and block dns out.

                    mago.barca

                    That's another way I could try. But why does Squid break the rule of the firewall?

                      heper

                      Because Squid doesn't run on LAN.

                        johnpoz LAYER 8 Global Moderator

                        It's not that it doesn't listen on LAN; you talk to Squid, and Squid goes and gets what you asked for from the firewall itself, not from a box on the LAN. So it doesn't see those rules you have for LAN clients going through the normal interface.

                        Reading up on how and what a proxy is would be my suggestion.

                        An intelligent man is sometimes forced to be drunk to spend time with his fools
                        If you get confused: Listen to the Music Play
                        Please don't Chat/PM me for help, unless mod related
                        SG-4860 26.03 | Lab VMs 2.8.1, 26.03

                        1 Reply Last reply Reply Quote 0
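
The behaviour described in the last reply, as an added example that is not part of the thread: a simplified Python model of per-interface rule evaluation, using the two CIDR blocks quoted by the posters. The LAN/WAN addresses, the sample Facebook address and all function names are constructed for illustration, and `proxy_acl` is a hypothetical stand-in for a destination check made inside the proxy, which goes one step beyond what the thread states.

```python
import ipaddress

# CIDR blocks quoted in the thread (the posters note the list is incomplete).
BLOCKED = [ipaddress.ip_network(n) for n in ("173.252.64.0/18", "66.220.144.0/20")]

# Constructed addresses for the model (assumptions, not from the thread).
CLIENT = "192.168.1.50"        # LAN workstation
FW_LAN = "192.168.1.1"         # firewall LAN address, where the proxy listens
FW_WAN = "203.0.113.2"         # firewall WAN address (documentation range)
FACEBOOK_IP = "173.252.64.10"  # sample address inside a blocked CIDR

def in_blocked(dst):
    addr = ipaddress.ip_address(dst)
    return any(addr in net for net in BLOCKED)

def lan_rules(packet):
    """LAN rules: evaluated only for packets that arrive on the LAN interface."""
    if packet["in_if"] != "lan":
        return "not evaluated"
    return "block" if in_blocked(packet["dst"]) else "pass"

def direct_flow():
    """Browser without a proxy: one connection, client -> Facebook, entering on LAN."""
    return [lan_rules({"in_if": "lan", "src": CLIENT, "dst": FACEBOOK_IP})]

def proxied_flow():
    """Browser using the proxy: two separate connections."""
    # 1) client -> proxy on the firewall; the destination is the firewall, not Facebook
    to_proxy = {"in_if": "lan", "src": CLIENT, "dst": FW_LAN}
    # 2) proxy -> Facebook; originates on the firewall, never arrives on LAN
    from_fw = {"in_if": None, "src": FW_WAN, "dst": FACEBOOK_IP}
    return [lan_rules(to_proxy), lan_rules(from_fw)]

def proxy_acl(requested_ip):
    """Hypothetical check inside the proxy, where the real destination is visible."""
    return "deny" if in_blocked(requested_ip) else "allow"

if __name__ == "__main__":
    print("direct   :", direct_flow())
    print("proxied  :", proxied_flow())
    print("proxy ACL:", proxy_acl(FACEBOOK_IP))
```

In the proxied case no packet with a Facebook destination ever crosses the LAN ruleset, so the block has to be enforced where the request is actually resolved and fetched.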
                        Copyright 2026 Rubicon Communications LLC (Netgate). All rights reserved.