On Fri, Dec 11, 2015 at 08:03:14PM -0700, thelma@×××××××××××.com wrote
> Does anybody have an idea how to block facebook?
>
> I'm using dd-wrt. The "access restriction" can block http but not https
> and I'm not good in iptables :-/
> In addition users are using VirtualBox on the network as well.
|
An excerpt from my /var/lib/iptables/rules-save ruleset...
|
[0:0] -A INPUT -s 31.13.24.0/21 -j FECESBOOK
[154:11168] -A INPUT -s 31.13.64.0/18 -j FECESBOOK
[0:0] -A INPUT -s 66.220.144.0/20 -j FECESBOOK
[0:0] -A INPUT -s 69.63.176.0/20 -j FECESBOOK
[0:0] -A INPUT -s 69.171.224.0/19 -j FECESBOOK
[0:0] -A INPUT -s 74.119.76.0/22 -j FECESBOOK
[0:0] -A INPUT -s 103.4.96.0/22 -j FECESBOOK
[0:0] -A INPUT -s 173.252.64.0/18 -j FECESBOOK
[0:0] -A INPUT -s 204.15.20.0/22 -j FECESBOOK
|
[0:0] -A OUTPUT -d 31.13.24.0/21 -j FECESBOOK
[3763325:225839770] -A OUTPUT -d 31.13.64.0/18 -j FECESBOOK
[56:3360] -A OUTPUT -d 66.220.144.0/20 -j FECESBOOK
[0:0] -A OUTPUT -d 69.63.176.0/20 -j FECESBOOK
[874:52440] -A OUTPUT -d 69.171.224.0/19 -j FECESBOOK
[0:0] -A OUTPUT -d 74.119.76.0/22 -j FECESBOOK
[0:0] -A OUTPUT -d 103.4.96.0/22 -j FECESBOOK
[3306:198360] -A OUTPUT -d 173.252.64.0/18 -j FECESBOOK
[0:0] -A OUTPUT -d 204.15.20.0/22 -j FECESBOOK
|
[3767715:226105098] -A FECESBOOK -j LOG --log-prefix "FECESBOOK:" --log-level 6
[3767715:226105098] -A FECESBOOK -j DROP
|
It's OK to change the numbers in brackets to [0:0]. They represent
the number of [packets:bytes] since the rule was last updated. Which
block has the most traffic depends on which part of the planet you're
on. Here in Toronto, Canada outbound traffic to the 31.13.64.0/18
block, specifically 31.13.80.3, is the most common hit. This comes from
websites with Facebook beacons trying to track every man and his dog.
|
You'll notice the occasional website with a small rectangle that says
"...can't establish a connection to the server at...". Insert your
browser's name at the left, and the website name (Facebook,
ad.doubleclick.net, etc) at the right.
|
--
Walter Dnes <waltdnes@××××××××.org>
I don't run "desktop environments"; I run useful applications
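
Added example, not part of the original message: the excerpt above omits the `*filter` header, the declaration of the user-defined chain and `COMMIT`, so it does not load on its own. This script prints a complete iptables-restore fragment from the same blocks with zeroed counters; the function names and the FORWARD option (for a router filtering traffic from LAN clients) are assumptions, not the poster's setup.

```sh
#!/bin/sh
# CIDR blocks copied from the message above (a 2015 snapshot, not current).
BLOCKS="31.13.24.0/21 31.13.64.0/18 66.220.144.0/20 69.63.176.0/20
69.171.224.0/19 74.119.76.0/22 103.4.96.0/22 173.252.64.0/18 204.15.20.0/22"

# Succeed only for a.b.c.d/len with octets 0-255 and len 0-32.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*} len=${1#*/}
    case "$addr" in ''|*[!0-9.]*) return 1 ;; esac
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print an iptables-restore fragment. Arguments name the built-in chains to
# hook (default: INPUT OUTPUT, as in the message). INPUT matches on source,
# every other chain on destination; FORWARD is an assumption for routers.
gen_ruleset() {
    [ $# -gt 0 ] || set -- INPUT OUTPUT
    # Validate every block before printing anything.
    for net in $BLOCKS; do
        valid_cidr "$net" || { echo "bad CIDR: $net" >&2; return 1; }
    done
    echo '*filter'
    echo ':FECESBOOK - [0:0]'   # chain declaration missing from the excerpt
    for chain in "$@"; do
        case "$chain" in INPUT) match=-s ;; *) match=-d ;; esac
        for net in $BLOCKS; do
            echo "[0:0] -A $chain $match $net -j FECESBOOK"
        done
    done
    echo '[0:0] -A FECESBOOK -j LOG --log-prefix "FECESBOOK:" --log-level 6'
    echo '[0:0] -A FECESBOOK -j DROP'
    echo 'COMMIT'
}

gen_ruleset "$@"
```

Review the output before loading it with `iptables-restore --noflush`, which keeps the rules already in place; loading the fragment twice appends the jump rules twice.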