How to block facebook access
Ernie Luzar
luzar722 at gmail.com
Sun Aug 20 11:30:45 UTC 2017
Polytropon wrote:
> On Sat, 19 Aug 2017 16:41:20 -0400, Ernie Luzar wrote:
>>> On 8/19/2017 2:20 PM, Ernie Luzar wrote:
>>>> Hello list;
>>>>
>>>> Running 11.1 & ipfilter with LAN behind the gateway server. LAN users
>>>> are using their work PC's to access facebook during work.
>>>>
>>>> What method would recommend to block all facebook access?
>>>>
>> > Littlefield, Tyler wrote:
>> > make your proxy just blacklist facebook.com and m.facebook.com?
>> > Blocking it will just let them view it on their phones though, so
>> > you're looking at a different issue altogether.
>>
>> Already blocking 15 facebook login ip address which can be added to or
>> changes by FB anytime.
>
> Yes, that is one of the core problems: You do not have control
> over Facebook's network configuration. :-)
>
> On the IP level, you can maintain a list of IPs to block. And
> you could use resolver modification to do this for you, for
> example when the IP for a certain Facebook service or page
> changes, using the resolver its new IP will be added to the
> block list. With this approach, you can block using both
> numeric IPs and domain name strings (which of course resolve
> to IPs, too).
>
> Maybe it would be a lot easier if you could just switch to
> whitelisting - define the IPs _allowed_ for the users. This
> will surely introduce new problems like "I cannot access a
> web site which I need for work, please verify and whitelist",
> which is something you cannot fully automate.
>
I am unfamiliar with the "resolver modification" you speak of.
Is this a function in ipfilter firewall?
Where and how is this done?
More information about the freebsd-questions
mailing list