Hi to all, hope you all had a great Christmas, has anyone been able to block Facebook completely, I have managed to block all other social media but Facebook is giving me a hard time. I managed to block for a week but its back on, I need to block a number of users that are abusing the Facebook privileges…lol
Hope everyone has a great cross-over to 2016.
I would like to give some remarks about your question:
Unless you use use non-transparant proxy, you will not be able to filter https connections with squid. This will take some configuration on both server and client. Another option is to block all facebook ip-addresses/-blocks in iptables.
I found a solution on the Ubuntu forums:
http://ubuntuforums.org/showthread.php?t=2145355&p=12648923&viewfull=1#post12648923
Now the goal you want to achieve: You say some users ‘abuse’ facebook privileges. How do you find out they do this? And what exactly is the unwanted behaviour?
The behaviour of people (and especially young people) is that when something is restricted, it becomes more appealing to do that restricted action. Most of the times it is far more effective to have a conversation with those that (in this case) abuse facebook.
When talking with them, it should be clear that there is a valid reason not to allow facebook, and that when they do abuse facebook, they will face sanctions. What those sanctions should be is something to think about. But in severe cases it could be a complete ban from the network.
When you start the ‘game’ of cat and mouse with people to block services, they will dig deeper and deeper to go around the blocked sites and/or services. Personally I think this is not the way to go.
Hello Lewis, christmas good for you too. In Web filters you find the option to use blacklist SHALLALIST where all addresses used by facebook HTTP and HTTPS. Activate web filter and enter which hosts suffer the filter blockage.
Another good way to block Facebook make blacklist in DNSMasq
Hi Robb, thank you for the info… The biggest problem is not that they in faceboo, its them playing/streaming the videos. I have a group of 5 users that will not listen but I can not block internet on their computers because their job requires the internet but not Facebook. If I could stop those IPs from streaming then I would have a winner…
Hi Flavio
At the moment in the Blacklist I am running Université Toulouse (free), I should change to Shalla? That will help me with blocking certain users from Facebook?
I tried it and it didnt work… I still have access to facebook
Hi Lewis,
Generally, FB works with https first.
Web filters should block both http & https (no matter filter you use: SHALLALIST or UT).
Like I said in other posts, I think the problem is from Transparent Proxy: how is configured and how it works in conjunction with different web browsers (I will test last version of NS as UTM in the next days to dig more).
I think the solution proposed by @Nas should always work.
Thank you, I would need a little more step-by-step on Nas’s DNSMasq
Nas I would need a little more step-by-step on howto using DNSMasq
Hi @Lewis
mkdir -p /etc/e-smith/templates-custom/etc/dnsmasq.conf
Add Facebook host
vi /etc/e-smith/templates-custom/etc/dnsmasq.conf/29Facebook
addn-hosts=/etc/facebook.hosts
Add loop
vi /etc/facebook.hosts
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
Run
signal-event nethserver-dnsmasq-update
Enjoy NEW Year 
No need for templates: you can go to the DNS page and add hosts.
This will block everyone from Facebook wont it? I need 5 or so blocked.
Best and more effective way is using proxy authenticated, blocking https/http ports and content filter.
No way to configure a good filter for social using a transparent proxy
@Lewis so only way it is to block facebook in shorewall from 5 local ip addresses /etc/shorewall/rules than i’l help to make custom template
I still can’t believe why only the technical aspects are put in this topic. Especially when some users abuse a network, it should be the social aspects that stop the bad behaviour.
Of course this is a technical forum, but that doesn’t mean that soft skills/social skills are less important when running a network.
Again, first thing I would do is have a chat with the abusers and make absolutely clear that they are violating rules and that the consequences could imply loosing their network account for longer or shorter period of time. In a paid job this could imply that they can not do their job due to their own fault. Which would mean that they will get a reduction on their paycheck.
In a school situation this could imply that they can’t do their homework and get graded with a zero for a project…
At least don’t get in the corner of the guy with the problem. THEY are having a problem and they should know they have a problem when they refuse to obey the rules.
Setting an example also works, firing the less production person out of the group should stimulate more productivity from the others.
@robb I do understand you, but I have a boss that will walk into my office and ask me to block a certain user off facebook because he has decided that that user no longer needs it. I would be happy to know that this is possible with NS.
@Nas I would be real glad if you could show me… I need to block those users.
Hi, I’m not exactly 100% sure about this. I have not tried it but the logic seems feasible.
)This is just on the top of my mind. I’ve used this one on my pfsense installation.
OR you can do the other way around…allow facebook and create a group containing nofacebookaccess and create firewall rule if nofacebookaccess, block facebooknetwork.
Thanks… will give it a go…