On Fri, Dec 11, 2015 at 08:03:14PM -0700, the...@sys-concept.com wrote
> Does anybody have an idea how to block facebook?
> 
> I'm using dd-wrt.  The "access restriction" can block http but not https
> and I'm not good at iptables :-/
> In addition users are using VirtualBox on the network as well.

  An excerpt from my /var/lib/iptables/rules-save ruleset...

[0:0] -A INPUT -s 31.13.24.0/21 -j FECESBOOK
[154:11168] -A INPUT -s 31.13.64.0/18 -j FECESBOOK
[0:0] -A INPUT -s 66.220.144.0/20 -j FECESBOOK
[0:0] -A INPUT -s 69.63.176.0/20 -j FECESBOOK
[0:0] -A INPUT -s 69.171.224.0/19 -j FECESBOOK
[0:0] -A INPUT -s 74.119.76.0/22 -j FECESBOOK
[0:0] -A INPUT -s 103.4.96.0/22 -j FECESBOOK
[0:0] -A INPUT -s 173.252.64.0/18 -j FECESBOOK
[0:0] -A INPUT -s 204.15.20.0/22 -j FECESBOOK

[0:0] -A OUTPUT -d 31.13.24.0/21 -j FECESBOOK
[3763325:225839770] -A OUTPUT -d 31.13.64.0/18 -j FECESBOOK
[56:3360] -A OUTPUT -d 66.220.144.0/20 -j FECESBOOK
[0:0] -A OUTPUT -d 69.63.176.0/20 -j FECESBOOK
[874:52440] -A OUTPUT -d 69.171.224.0/19 -j FECESBOOK
[0:0] -A OUTPUT -d 74.119.76.0/22 -j FECESBOOK
[0:0] -A OUTPUT -d 103.4.96.0/22 -j FECESBOOK
[3306:198360] -A OUTPUT -d 173.252.64.0/18 -j FECESBOOK
[0:0] -A OUTPUT -d 204.15.20.0/22 -j FECESBOOK

[3767715:226105098] -A FECESBOOK -j LOG --log-prefix "FECESBOOK:" --log-level 6
[3767715:226105098] -A FECESBOOK -j DROP

  It's OK to change the numbers in brackets to [0:0].  They represent
the number of [packets:bytes] since the rule was last updated.  Which
block has the most traffic depends on which part of the planet you're
on.  Here in Toronto, Canada outbound traffic to the 31.13.64.0/18
block, specifically 31.13.80.3, is the most common hit.  This comes from
websites with Facebook beacons trying to track every man and his dog.

  You'll notice the occasional website with a small rectangle that says
"...can't establish a connection to the server at...".  Insert your
browser's name at the left, and the website name (Facebook,
ad.doubleclick.net, etc) at the right.

-- 
Walter Dnes <waltd...@waltdnes.org>
I don't run "desktop environments"; I run useful applications
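
The [packets:bytes] counters described in the message can be read back out of a saved ruleset to rank the address blocks by traffic and to reset them to [0:0]. The following is an added example, not part of the original message; the function names are hypothetical and SAMPLE is a constructed subset of the lines quoted above.

```python
import re
from collections import defaultdict

# Constructed sample: the non-idle rules from the message plus one idle rule.
SAMPLE = """\
[154:11168] -A INPUT -s 31.13.64.0/18 -j FECESBOOK
[0:0] -A OUTPUT -d 31.13.24.0/21 -j FECESBOOK
[3763325:225839770] -A OUTPUT -d 31.13.64.0/18 -j FECESBOOK
[56:3360] -A OUTPUT -d 66.220.144.0/20 -j FECESBOOK
[874:52440] -A OUTPUT -d 69.171.224.0/19 -j FECESBOOK
[3306:198360] -A OUTPUT -d 173.252.64.0/18 -j FECESBOOK
[3767715:226105098] -A FECESBOOK -j LOG --log-prefix "FECESBOOK:" --log-level 6
[3767715:226105098] -A FECESBOOK -j DROP
"""

# "[packets:bytes] -A CHAIN rule-spec", the per-rule counter format in the excerpt
RULE = re.compile(r'^\[(\d+):(\d+)\] -A (\S+) (.*)$')
ADDR = re.compile(r'(?:^| )-[sd] (\S+)')
TARGET = re.compile(r'(?:^| )-j (\S+)')

def rules(text):
    """Yield (packets, bytes, chain, address or None, target or None) per rule."""
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue  # table headers, chain policies, COMMIT, blank lines
        pkts, nbytes, chain, spec = m.groups()
        addr, tgt = ADDR.search(spec), TARGET.search(spec)
        yield (int(pkts), int(nbytes), chain,
               addr and addr.group(1), tgt and tgt.group(1))

def per_block(text, target="FECESBOOK"):
    """Sum packets and bytes per address block over rules that jump to target."""
    totals = defaultdict(lambda: [0, 0])
    for pkts, nbytes, _chain, addr, tgt in rules(text):
        if tgt == target and addr:
            totals[addr][0] += pkts
            totals[addr][1] += nbytes
    return {block: tuple(v) for block, v in totals.items()}

def busiest(text):
    """Return (block, packets, bytes) for the block with the most packets."""
    block, (pkts, nbytes) = max(per_block(text).items(), key=lambda kv: kv[1][0])
    return block, pkts, nbytes

def zero_counters(text):
    """Reset every leading [packets:bytes] pair to [0:0]."""
    return re.sub(r'^\[\d+:\d+\]', '[0:0]', text, flags=re.M)
```

The per-block totals add up to the counters on the FECESBOOK chain's own LOG and DROP rules, which is a quick check that every packet sent to the chain was dropped.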
