From: waltdnes@waltdnes.org
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] blocking facebook
Date: Sat, 12 Dec 2015 01:29:20 -0500 [thread overview]
Message-ID: <20151212062920.GA31075@waltdnes.org> (raw)
In-Reply-To: <566B8E72.20004@sys-concept.com>
On Fri, Dec 11, 2015 at 08:03:14PM -0700, thelma@sys-concept.com wrote
> Does anybody have an idea how to block facebook?
>
> I'm using dd-wrt. The "access restriction" can block http but not https
> and I'm not good in iptables :-/
> In addition users are using VirtualBox on the network as well.
An excerpt from my /var/lib/iptables/rules-save ruleset...
[0:0] -A INPUT -s 31.13.24.0/21 -j FECESBOOK
[154:11168] -A INPUT -s 31.13.64.0/18 -j FECESBOOK
[0:0] -A INPUT -s 66.220.144.0/20 -j FECESBOOK
[0:0] -A INPUT -s 69.63.176.0/20 -j FECESBOOK
[0:0] -A INPUT -s 69.171.224.0/19 -j FECESBOOK
[0:0] -A INPUT -s 74.119.76.0/22 -j FECESBOOK
[0:0] -A INPUT -s 103.4.96.0/22 -j FECESBOOK
[0:0] -A INPUT -s 173.252.64.0/18 -j FECESBOOK
[0:0] -A INPUT -s 204.15.20.0/22 -j FECESBOOK
[0:0] -A OUTPUT -d 31.13.24.0/21 -j FECESBOOK
[3763325:225839770] -A OUTPUT -d 31.13.64.0/18 -j FECESBOOK
[56:3360] -A OUTPUT -d 66.220.144.0/20 -j FECESBOOK
[0:0] -A OUTPUT -d 69.63.176.0/20 -j FECESBOOK
[874:52440] -A OUTPUT -d 69.171.224.0/19 -j FECESBOOK
[0:0] -A OUTPUT -d 74.119.76.0/22 -j FECESBOOK
[0:0] -A OUTPUT -d 103.4.96.0/22 -j FECESBOOK
[3306:198360] -A OUTPUT -d 173.252.64.0/18 -j FECESBOOK
[0:0] -A OUTPUT -d 204.15.20.0/22 -j FECESBOOK
[3767715:226105098] -A FECESBOOK -j LOG --log-prefix "FECESBOOK:" --log-level 6
[3767715:226105098] -A FECESBOOK -j DROP
It's OK to change the numbers in brackets to [0:0]. They represent
the number of [packets:bytes] since the rule was last updated. Which
block has the most traffic depends on which part of the planet you're
on. Here in Toronto, Canada outbound traffic to the 31.13.64.0/18
block, specifically 31.13.80.3, is the most common hit. This comes from
websites with Facebook beacons trying to track every man and his dog.
You'll notice the occasional website with a small rectangle that says
"...can't establish a connection to the server at...". Insert your
browser's name at the left, and the website name (Facebook,
ad.doubleclick.net, etc) at the right.
--
Walter Dnes <waltdnes@waltdnes.org>
I don't run "desktop environments"; I run useful applications
next prev parent reply other threads:[~2015-12-12 6:29 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-12 3:03 [gentoo-user] blocking facebook thelma
2015-12-12 3:29 ` Willie M
2015-12-12 3:37 ` thelma
2015-12-12 3:54 ` Willie M
2015-12-14 16:52 ` pc0147 Sistemas Will_ecg
2015-12-12 4:05 ` Simon Thelen
2015-12-12 4:12 ` Simon Thelen
2015-12-12 4:23 ` thelma
2015-12-12 4:41 ` Dale
2015-12-12 6:29 ` waltdnes [this message]
2015-12-12 14:33 ` Andrew Savchenko
2015-12-12 10:45 ` Michael Schwartzkopff
2015-12-12 12:01 ` Alan McKinnon
-- strict thread matches above, loose matches on Subject: below --
2015-12-12 6:16 John Runyon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151212062920.GA31075@waltdnes.org \
--to=waltdnes@waltdnes.org \
--cc=gentoo-user@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox