Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to deny access of facebook

    Scheduled Pinned Locked Moved General pfSense Questions
    7 Posts 7 Posters 1.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C Offline
      cesjr
      last edited by

      Hi ,does any one knows how to deny access of facebook , I can't figure out where is the configuration :'(
      Any suggestion will be appreciated :)

      1 Reply Last reply Reply Quote 0
      • ExolonE Offline
        Exolon
        last edited by

        Install pfBlockerNG, then set up a block rule with something like:

        
        http://bgp.he.net/search?search%5Bsearch%5D=facebook&commit=Search
        
        
        1 Reply Last reply Reply Quote 0
        • M Offline
          muswellhillbilly
          last edited by

          Alternately, install Squid/Squidguard or Squid/Dansguardian and set up a block rule there.

          1 Reply Last reply Reply Quote 0
          • J Offline
            jds5
            last edited by

            I haven't tried it, but off the top of my head you could add a DNS override for www.facebook.com to resolve to 127.0.0.1 or something like that.

            1 Reply Last reply Reply Quote 0
            • 2 Offline
              2chemlud Banned
              last edited by

              ..somethink like in the hosts file? Don't think this is easily done, or? An then they enter the IP and you'r lost again ;-)

              1 Reply Last reply Reply Quote 0
              • S Offline
                shamuel_
                last edited by

                I block by Rule using alias with all Facebook address.
                I create the list using the AS Number.

                You can get this list using whois:
                whois -h whois.radb.net – '-i origin AS32934' | grep ^route

                Before you could create a alias with this address an block the alias by Rule.

                <alias><name>Facebook_ASN</name>

                <address>204.15.20.0/22 69.63.176.0/20 66.220.144.0/20 66.220.144.0/21 69.63.184.0/21 69.63.176.0/21 74.119.76.0/22 69.171.255.0/24 173.252.64.0/18 69.171.224.0/19 69.171.224.0/20 103.4.96.0/22 69.63.176.0/24 173.252.64.0/19 173.252.70.0/24 31.13.64.0/18 31.13.24.0/21 66.220.152.0/21 66.220.159.0/24 69.171.239.0/24 69.171.240.0/20 31.13.64.0/19 31.13.64.0/24 31.13.65.0/24 31.13.67.0/24 31.13.68.0/24 31.13.69.0/24 31.13.70.0/24 31.13.71.0/24 31.13.72.0/24 31.13.73.0/24 31.13.74.0/24 31.13.75.0/24 31.13.76.0/24 31.13.77.0/24 31.13.96.0/19 31.13.66.0/24 173.252.96.0/19 69.63.178.0/24 31.13.78.0/24 31.13.79.0/24 31.13.80.0/24 31.13.82.0/24 31.13.83.0/24 31.13.84.0/24 31.13.85.0/24 31.13.86.0/24 31.13.87.0/24 31.13.88.0/24 31.13.89.0/24 31.13.90.0/24 31.13.91.0/24 31.13.92.0/24 31.13.93.0/24 31.13.94.0/24 31.13.95.0/24 69.171.253.0/24 69.63.186.0/24 31.13.81.0/24 179.60.192.0/22 179.60.192.0/24 179.60.193.0/24 179.60.194.0/24 179.60.195.0/24 185.60.216.0/22 45.64.40.0/22 185.60.216.0/24 185.60.217.0/24 185.60.218.0/24 185.60.219.0/24 129.134.0.0/16 157.240.0.0/16 204.15.20.0/22 69.63.176.0/20 69.63.176.0/21 69.63.184.0/21 66.220.144.0/20 69.63.176.0/20 2620:0:1c00::/40 2a03:2880::/32 2401:DB00::/32 2a03:2880:fffe::/48 2a03:2880:ffff::/48 2620:0:1cff::/48 2a03:2880:f000::/48 2a03:2880:f001::/48 2a03:2880:f002::/48 2a03:2880:f003::/48 2a03:2880:f004::/48 2a03:2880:f005::/48 2a03:2880:f006::/48 2a03:2880:f007::/48 2a03:2880:f008::/48 2a03:2880:f009::/48 2a03:2880:f00a::/48 2a03:2880:f00b::/48 2a03:2880:f00c::/48 2a03:2880:f00d::/48 2a03:2880:f00e::/48 2a03:2880:f00f::/48 2a03:2880:f010::/48 2a03:2880:f011::/48 2a03:2880:f012::/48 2a03:2880:f013::/48 2a03:2880:f014::/48 2a03:2880:f015::/48 2a03:2880:f016::/48 2a03:2880:f017::/48 2a03:2880:f018::/48 2a03:2880:f019::/48 2a03:2880:f01a::/48 2a03:2880:f01b::/48 2a03:2880:f01c::/48 2a03:2880:f01d::/48 2a03:2880:f01e::/48 2a03:2880:f01f::/48 2a03:2880:0000::/36 2a03:2880:1000::/36 2a03:2880:2000::/36 2a03:2880:3000::/36 2a03:2880:4000::/36 2a03:2880:5000::/36 2a03:2880:6000::/36 2a03:2880:7000::/36</address>

                <type>network</type>
                <detail></detail></alias>

                1 Reply Last reply Reply Quote 0
                • BBcan177B Online
                  BBcan177 Moderator
                  last edited by

                  You can actually do both… In Unbound or dnsmasq, create a Domain override. Also use pfBlockerNG to download the most recent IPs automatically daily/weekly as required. Hurricane Electric is a great source to collect IPs for almost any site.

                  "Experience is something you don't get until just after you need it."

                  Website: http://pfBlockerNG.com
                  Twitter: @BBcan177  #pfBlockerNG
                  Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.