How to block facebook access

Ernie Luzar luzar722 at
Sun Aug 20 11:30:45 UTC 2017

Polytropon wrote:
> On Sat, 19 Aug 2017 16:41:20 -0400, Ernie Luzar wrote:
>>> On 8/19/2017 2:20 PM, Ernie Luzar wrote:
>>>> Hello list;
>>>> Running 11.1 & ipfilter with LAN behind the gateway server. LAN users 
>>>> are using their work PC's to access facebook during work.
>>>> What method would recommend to block all facebook access?
>>  > Littlefield, Tyler wrote:
>>  > make your proxy just blacklist and
>>  > Blocking it will just let them view it on their phones though, so
>>  > you're looking at a different issue altogether.
>> Already blocking 15 facebook login ip address which can be added to or 
>> changes by FB anytime.
> Yes, that is one of the core problems: You do not have control
> over Facebook's network configuration. :-)
> On the IP level, you can maintain a list of IPs to block. And
> you could use resolver modification to do this for you, for
> example when the IP for a certain Facebook service or page
> changes, using the resolver its new IP will be added to the
> block list. With this approach, you can block using both
> numeric IPs and domain name strings (which of course resolve
> to IPs, too).
> Maybe it would be a lot easier if you could just switch to
> whitelisting - define the IPs _allowed_ for the users. This
> will surely introduce new problems like "I cannot access a
> web site which I need for work, please verify and whitelist",
> which is something you cannot fully automate.

I am unfamiliar with the "resolver modification" you speak of.
Is this a function in ipfilter firewall?
Where and how is this done?

More information about the freebsd-questions mailing list