Facebook blocking

The best and most effective way is to use an authenticated proxy, block the https/http ports and use a content filter.
There is no way to configure a good filter for social media using a transparent proxy.

@Lewis so the only way is to block Facebook in shorewall for the 5 local IP addresses in /etc/shorewall/rules, then I’ll help to make a custom template.

I still can’t believe why only the technical aspects are put in this topic. Especially when some users abuse a network, it should be the social aspects that stop the bad behaviour.
Of course this is a technical forum, but that doesn’t mean that soft skills/social skills are less important when running a network.

Again, the first thing I would do is have a chat with the abusers and make absolutely clear that they are violating rules and that the consequences could imply losing their network account for a longer or shorter period of time. In a paid job this could imply that they cannot do their job due to their own fault, which would mean that they will get a reduction on their paycheck.
In a school situation this could imply that they can’t do their homework and get graded with a zero for a project…
At least don’t get in the corner of the guy with the problem. THEY are having a problem and they should know they have a problem when they refuse to obey the rules.

Setting an example also works: firing the least productive person in the group should stimulate more productivity from the others.

@robb I do understand you, but I have a boss that will walk into my office and ask me to block a certain user off facebook because he has decided that that user no longer needs it. I would be happy to know that this is possible with NS.

@Nas I would be real glad if you could show me… I need to block those users.

Hi, I’m not exactly 100% sure about this. I have not tried it but the logic seems feasible.

  1. Block Facebook access normally (the http traffic)…but this is optional
  2. Create “Firewall Objects” to allow access to facebook site
  3. Create Host groups which contains the IPs above (e.g. facebookables :smile:)
  4. List down all of Facebook IPs (CIDR and IPs, search the net on how to get an updated list…look at the link @robb posted)
  5. Create a Firewall Objects containing Facebook’s IP/Networks created above.
  6. Create Host group (facebooknetwork) containing Facebook’s IPs/CIDR subnets created earlier
  7. Create a Firewall rule…if not “facebookables”, block access to “facebooknetwork”

This is just on the top of my mind. I’ve used this one on my pfsense installation.

OR you can do the other way around…allow facebook and create a group containing nofacebookaccess and create firewall rule if nofacebookaccess, block facebooknetwork.

Thanks… will give it a go…

Great! Let us know of the outcome!

Hi Lewis,

I have blocked Facebook access for GREEN using the following settings.
It works with or without “Block HTTP and HTTPS ports” enabled.

But with this configuration (“Transparent with SSL”, with or without “Block HTTP and HTTPS ports” enabled), I have a problem with Google Translate (so far), and I’m sure there may be other dysfunctions with other sites. I will open another post about this, but I wanted you to know about it.

That’s a good FAQ! :slight_smile: Remember that with Transparent SSL you’re forced to install the certificate on your client.

Hi Alessio,

You are right!

@vhinzsanchez I have not tried this method, I am having problems understanding it. How do I add all the IP/CIDR? It looks like I have to add one at a time in Firewall Objects > CIDR Subnets; once that’s done, how do I link them all to a group?

@GG_jr gave your method a go, and it didn’t work; I don’t know if I did something wrong.
How do I force my certificate to be installed? I have tried and am having no luck. Using Firefox.

  1. Remove from Firefox -> Options -> Advanced -> Certificates -> View Certificates, any certificate regarding NS.
  2. In NS GUI -> Web Proxy: right click on “http://your_ip/proxy.crt” and “Open Link in New Tab”.
  3. Save the certificate.
  4. Import the certificate as Trusted Authorities.
  5. Restart Firefox (Optional).

Hey man, those are good explanations! Please take some time to create a new page on our wiki :smile:

I found the problem:

Do not enable “Block porn sites by regular expressions on URL”.

If you want to block porn sites, choose from “Categories”.

With “Block porn sites by regular expressions on URL” enabled, this is also blocked:

when I want to open from here:

Another How To: Problem with ssl bump on Firefox 39+

TIP: If you have installed any AV that scan SSL, disable this option!

Hi everybody,

Another TIP regarding blocking Facebook through Web proxy -> Transparent with SSL and Web filter:

If you want to access different media web sites that have a “Comments” section made with the “Facebook Comments Plugin”, you will not be able to see or access that section.

This is valid for any other combination (Blocking Twitter and Twitter Plugin, …).

Kind regards,

Unfortunately it is whole-system blocking, but TS asked how to block a certain user. So only firewall rules.

Yes, but even those users will not be able to see that section.
It is the same thing but only for a few users. Or not?

The one way to resolve this problem (for me) was to use iptables:

iptables -I FORWARD -s <CLIENT_IP> -p tcp --dport 443 -m string --string 'facebook' --algo bm -j DROP

Or, in the other case, block all and allow some IPs to connect.
# Block all
iptables -I FORWARD -p tcp --dport 443 -m string --string 'facebook' --algo bm -j DROP
# Allow IP (inserted above the DROP rule, so it is evaluated first)
iptables -I FORWARD -s <CLIENT_IP> -p tcp --dport 443 -m string --string 'facebook' --algo bm -j ACCEPT

This way you keep using the transparent proxy without ssl.