Gentoo Archives: gentoo-user

From: waltdnes@××××××××.org
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] blocking facebook
Date: Sat, 12 Dec 2015 06:29:49
Message-Id: 20151212062920.GA31075@waltdnes.org
In Reply to: [gentoo-user] blocking facebook by thelma@sys-concept.com

On Fri, Dec 11, 2015 at 08:03:14PM -0700, thelma@×××××××××××.com wrote
> Does anybody have an idea how to block facebook?
>
> I'm using dd-wrt. The "access restriction" can block http but not https
> and I'm not good in iptables :-/
> In addition users are using VirtualBox on the network as well.

An excerpt from my /var/lib/iptables/rules-save ruleset...

[0:0] -A INPUT -s 31.13.24.0/21 -j FECESBOOK
[154:11168] -A INPUT -s 31.13.64.0/18 -j FECESBOOK
[0:0] -A INPUT -s 66.220.144.0/20 -j FECESBOOK
[0:0] -A INPUT -s 69.63.176.0/20 -j FECESBOOK
[0:0] -A INPUT -s 69.171.224.0/19 -j FECESBOOK
[0:0] -A INPUT -s 74.119.76.0/22 -j FECESBOOK
[0:0] -A INPUT -s 103.4.96.0/22 -j FECESBOOK
[0:0] -A INPUT -s 173.252.64.0/18 -j FECESBOOK
[0:0] -A INPUT -s 204.15.20.0/22 -j FECESBOOK

[0:0] -A OUTPUT -d 31.13.24.0/21 -j FECESBOOK
[3763325:225839770] -A OUTPUT -d 31.13.64.0/18 -j FECESBOOK
[56:3360] -A OUTPUT -d 66.220.144.0/20 -j FECESBOOK
[0:0] -A OUTPUT -d 69.63.176.0/20 -j FECESBOOK
[874:52440] -A OUTPUT -d 69.171.224.0/19 -j FECESBOOK
[0:0] -A OUTPUT -d 74.119.76.0/22 -j FECESBOOK
[0:0] -A OUTPUT -d 103.4.96.0/22 -j FECESBOOK
[3306:198360] -A OUTPUT -d 173.252.64.0/18 -j FECESBOOK
[0:0] -A OUTPUT -d 204.15.20.0/22 -j FECESBOOK

[3767715:226105098] -A FECESBOOK -j LOG --log-prefix "FECESBOOK:" --log-level 6
[3767715:226105098] -A FECESBOOK -j DROP

It's OK to change the numbers in brackets to [0:0]. They represent
the number of [packets:bytes] since the rule was last updated. Which
block has the most traffic depends on which part of the planet you're
on. Here in Toronto, Canada outbound traffic to the 31.13.64.0/18
block, specifically 31.13.80.3, is the most common hit. This comes from
websites with Facebook beacons trying to track every man and his dog.

You'll notice the occasional website with a small rectangle that says
"...can't establish a connection to the server at...". Insert your
browser's name at the left, and the website name (Facebook,
ad.doubleclick.net, etc) at the right.

--
Walter Dnes <waltdnes@××××××××.org>
I don't run "desktop environments"; I run useful applications
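
An added example, not part of the message above: one way to see which block and which single host is hit most is to tally the kernel log lines written by the LOG rule with the "FECESBOOK:" prefix. The log lines below are constructed; the host name, interface, LAN address and ports are assumptions.

```python
import ipaddress
import re
from collections import Counter

# CIDR blocks copied from the ruleset in the message above.
BLOCKS = [ipaddress.ip_network(n) for n in (
    "31.13.24.0/21", "31.13.64.0/18", "66.220.144.0/20", "69.63.176.0/20",
    "69.171.224.0/19", "74.119.76.0/22", "103.4.96.0/22", "173.252.64.0/18",
    "204.15.20.0/22")]
FIELD = re.compile(r"\b(IN|OUT|SRC|DST)=(\S*)")

# Constructed sample in the kernel LOG-target layout; host name, interface,
# LAN address and ports are made up. The last two lines must be skipped.
SAMPLE_LOG = """\
Dec 12 01:10:02 gw kernel: FECESBOOK:IN= OUT=eth0 SRC=192.168.1.10 DST=31.13.80.3 LEN=60 TTL=64 PROTO=TCP SPT=40112 DPT=443
Dec 12 01:10:03 gw kernel: FECESBOOK:IN= OUT=eth0 SRC=192.168.1.10 DST=31.13.80.3 LEN=60 TTL=64 PROTO=TCP SPT=40112 DPT=443
Dec 12 01:11:40 gw kernel: FECESBOOK:IN= OUT=eth0 SRC=192.168.1.10 DST=173.252.90.4 LEN=60 TTL=64 PROTO=TCP SPT=40250 DPT=80
Dec 12 01:12:15 gw kernel: FECESBOOK:IN=eth0 OUT= SRC=31.13.71.1 DST=192.168.1.10 LEN=40 TTL=52 PROTO=TCP SPT=443 DPT=40112
Dec 12 01:13:09 gw kernel: FECESBOOK:IN= OUT=eth0 SRC=192.168.1.10 DST=31.13.80.3 LEN=60 TTL=64 PROTO=TCP SPT=40377 DPT=443
Dec 12 01:13:30 gw kernel: FECESBOOK:IN= OUT=eth0 SRC=192.168.1.10 DST=31.13.
Dec 12 01:14:00 gw sshd[812]: Accepted publickey for user from 192.168.1.20
"""

def remote_address(line, prefix="FECESBOOK:"):
    """Return the remote (non-local) address of a logged packet, else None."""
    if prefix not in line:
        return None
    fields = dict(FIELD.findall(line.split(prefix, 1)[1]))
    # OUTPUT-chain packets have OUT= set, so the remote end is DST;
    # INPUT-chain packets have OUT= empty, so the remote end is SRC.
    key = "DST" if fields.get("OUT") else "SRC"
    try:
        return ipaddress.ip_address(fields[key])
    except (KeyError, ValueError):
        return None  # truncated or malformed log line

def summarize(log_text):
    """Count dropped packets per ruleset block and per remote host."""
    per_block, per_host = Counter(), Counter()
    for line in log_text.splitlines():
        addr = remote_address(line)
        if addr is None:
            continue
        block = next((b for b in BLOCKS if addr in b), None)
        per_block[str(block) if block else "unmatched"] += 1
        per_host[str(addr)] += 1
    return per_block, per_host

if __name__ == "__main__":
    blocks, hosts = summarize(SAMPLE_LOG)
    print(blocks.most_common(), hosts.most_common(3))
```

Feeding it the real kernel log instead of SAMPLE_LOG gives the per-host view that the [packets:bytes] counters in rules-save cannot, since those only count per rule.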

Replies

Subject Author
Re: [gentoo-user] blocking facebook Andrew Savchenko <bircoph@g.o>