Facebook blocking

Hi to all, hope you all had a great Christmas, has anyone been able to block Facebook completely, I have managed to block all other social media but Facebook is giving me a hard time. I managed to block for a week but its back on, I need to block a number of users that are abusing the Facebook privileges…lol

Hope everyone has a great cross-over to 2016.

I would like to give some remarks about your question:
Unless you use use non-transparant proxy, you will not be able to filter https connections with squid. This will take some configuration on both server and client. Another option is to block all facebook ip-addresses/-blocks in iptables.
I found a solution on the Ubuntu forums:

Now the goal you want to achieve: You say some users ‘abuse’ facebook privileges. How do you find out they do this? And what exactly is the unwanted behaviour?

The behaviour of people (and especially young people) is that when something is restricted, it becomes more appealing to do that restricted action. Most of the times it is far more effective to have a conversation with those that (in this case) abuse facebook.

When talking with them, it should be clear that there is a valid reason not to allow facebook, and that when they do abuse facebook, they will face sanctions. What those sanctions should be is something to think about. But in severe cases it could be a complete ban from the network.

When you start the ‘game’ of cat and mouse with people to block services, they will dig deeper and deeper to go around the blocked sites and/or services. Personally I think this is not the way to go.

Hello Lewis, christmas good for you too. In Web filters you find the option to use blacklist SHALLALIST where all addresses used by facebook HTTP and HTTPS. Activate web filter and enter which hosts suffer the filter blockage.

Another good way to block Facebook make blacklist in DNSMasq

Hi Robb, thank you for the info… The biggest problem is not that they in faceboo, its them playing/streaming the videos. I have a group of 5 users that will not listen but I can not block internet on their computers because their job requires the internet but not Facebook. If I could stop those IPs from streaming then I would have a winner…

Hi Flavio
At the moment in the Blacklist I am running Université Toulouse (free), I should change to Shalla? That will help me with blocking certain users from Facebook?

I tried it and it didnt work… I still have access to facebook

Hi Lewis,

Generally, FB works with https first.
Web filters should block both http & https (no matter filter you use: SHALLALIST or UT).

Like I said in other posts, I think the problem is from Transparent Proxy: how is configured and how it works in conjunction with different web browsers (I will test last version of NS as UTM in the next days to dig more).

I think the solution proposed by @Nas should always work.

Thank you, I would need a little more step-by-step on Nas’s DNSMasq

Nas I would need a little more step-by-step on howto using DNSMasq

Hi @Lewis

  1. mkdir -p /etc/e-smith/templates-custom/etc/dnsmasq.conf

  2. Add Facebook host

    vi /etc/e-smith/templates-custom/etc/dnsmasq.conf/29Facebook



  3. Add loop

    vi /etc/facebook.hosts facebook.com www.facebook.com

  4. Run

    signal-event nethserver-dnsmasq-update

  5. Enjoy NEW Year :slight_smile:

No need for templates: you can go to the DNS page and add hosts.

This will block everyone from Facebook wont it? I need 5 or so blocked.

Best and more effective way is using proxy authenticated, blocking https/http ports and content filter.
No way to configure a good filter for social using a transparent proxy

@Lewis so only way it is to block facebook in shorewall from 5 local ip addresses /etc/shorewall/rules than i’l help to make custom template

I still can’t believe why only the technical aspects are put in this topic. Especially when some users abuse a network, it should be the social aspects that stop the bad behaviour.
Of course this is a technical forum, but that doesn’t mean that soft skills/social skills are less important when running a network.

Again, first thing I would do is have a chat with the abusers and make absolutely clear that they are violating rules and that the consequences could imply loosing their network account for longer or shorter period of time. In a paid job this could imply that they can not do their job due to their own fault. Which would mean that they will get a reduction on their paycheck.
In a school situation this could imply that they can’t do their homework and get graded with a zero for a project…
At least don’t get in the corner of the guy with the problem. THEY are having a problem and they should know they have a problem when they refuse to obey the rules.

1 Like

Setting an example also works, firing the less production person out of the group should stimulate more productivity from the others.

@robb I do understand you, but I have a boss that will walk into my office and ask me to block a certain user off facebook because he has decided that that user no longer needs it. I would be happy to know that this is possible with NS.

@Nas I would be real glad if you could show me… I need to block those users.

Hi, I’m not exactly 100% sure about this. I have not tried it but the logic seems feasible.

  1. Block Facebook access normally (the http traffic)…but this is optional
  2. Create “Firewall Objects” to allow access to facebook site
  3. Create Host groups which contains the IPs above (e.g. facebookables :smile:)
  4. List down all of Facebook IPs (CIDR and IPs, search the net on how to get an updated list…look at the link @robb posted)
  5. Create a Firewall Objects containing Facebook’s IP/Networks created above.
  6. Create Host group (facebooknetwork) containing Facebook’s
  7. IPs/CIDR subnets created earlier Create a Firewall rule…if not “facebookables”, block access to “facebooknetwork”

This is just on the top of my mind. I’ve used this one on my pfsense installation.

OR you can do the other way around…allow facebook and create a group containing nofacebookaccess and create firewall rule if nofacebookaccess, block facebooknetwork.

Thanks… will give it a go…