From: waltdnes@waltdnes.org
Date: Sat, 12 Dec 2015 01:29:20 -0500
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] blocking facebook
Message-ID: <20151212062920.GA31075@waltdnes.org>

On Fri, Dec 11, 2015 at 08:03:14PM -0700, thelma@sys-concept.com wrote
> Does anybody have an idea how to block facebook?
>
> I'm using dd-wrt. The "access restriction" can block http but not https
> and I'm not good in iptables :-/
> In addition users are using VirtualBox on the network as well.

An excerpt from my /var/lib/iptables/rules-save ruleset...

[0:0] -A INPUT -s 31.13.24.0/21 -j FECESBOOK
[154:11168] -A INPUT -s 31.13.64.0/18 -j FECESBOOK
[0:0] -A INPUT -s 66.220.144.0/20 -j FECESBOOK
[0:0] -A INPUT -s 69.63.176.0/20 -j FECESBOOK
[0:0] -A INPUT -s 69.171.224.0/19 -j FECESBOOK
[0:0] -A INPUT -s 74.119.76.0/22 -j FECESBOOK
[0:0] -A INPUT -s 103.4.96.0/22 -j FECESBOOK
[0:0] -A INPUT -s 173.252.64.0/18 -j FECESBOOK
[0:0] -A INPUT -s 204.15.20.0/22 -j FECESBOOK
[0:0] -A OUTPUT -d 31.13.24.0/21 -j FECESBOOK
[3763325:225839770] -A OUTPUT -d 31.13.64.0/18 -j FECESBOOK
[56:3360] -A OUTPUT -d 66.220.144.0/20 -j FECESBOOK
[0:0] -A OUTPUT -d 69.63.176.0/20 -j FECESBOOK
[874:52440] -A OUTPUT -d 69.171.224.0/19 -j FECESBOOK
[0:0] -A OUTPUT -d 74.119.76.0/22 -j FECESBOOK
[0:0] -A OUTPUT -d 103.4.96.0/22 -j FECESBOOK
[3306:198360] -A OUTPUT -d 173.252.64.0/18 -j FECESBOOK
[0:0] -A OUTPUT -d 204.15.20.0/22 -j FECESBOOK
[3767715:226105098] -A FECESBOOK -j LOG --log-prefix "FECESBOOK:" --log-level 6
[3767715:226105098] -A FECESBOOK -j DROP

It's OK to change the numbers in brackets to [0:0]. They represent the number of [packets:bytes] since the rule was last updated.

Which block has the most traffic depends on which part of the planet you're on. Here in Toronto, Canada outbound traffic to the 31.13.64.0/18 block, specifically 31.13.80.3, is the most common hit. This comes from websites with Facebook beacons trying to track every man and his dog. You'll notice the occasional website with a small rectangle that says "...can't establish a connection to the server at...". Insert your browser's name at the left, and the website name (Facebook, ad.doubleclick.net, etc) at the right.

--
Walter Dnes
I don't run "desktop environments"; I run useful applications
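
Added example, not part of the original message: Python code that reads the [packets:bytes] counters from rules-save lines like those quoted above, ranks the blocks of one chain by traffic, and reports which block a given address falls in. The rule lines are a subset of those posted (every line with a non-zero counter is included); the function names are this example's own.

```python
import ipaddress
import re

# Subset of the rules-save lines posted in the message above, counters as posted.
RULES_SAVE = """\
[154:11168] -A INPUT -s 31.13.64.0/18 -j FECESBOOK
[0:0] -A OUTPUT -d 31.13.24.0/21 -j FECESBOOK
[3763325:225839770] -A OUTPUT -d 31.13.64.0/18 -j FECESBOOK
[56:3360] -A OUTPUT -d 66.220.144.0/20 -j FECESBOOK
[874:52440] -A OUTPUT -d 69.171.224.0/19 -j FECESBOOK
[3306:198360] -A OUTPUT -d 173.252.64.0/18 -j FECESBOOK
[3767715:226105098] -A FECESBOOK -j LOG --log-prefix "FECESBOOK:" --log-level 6
[3767715:226105098] -A FECESBOOK -j DROP
"""

# [packets:bytes] -A <chain> -s|-d <cidr> -j <target>
RULE_RE = re.compile(
    r"^\[(?P<pkts>\d+):(?P<bytes>\d+)\] -A (?P<chain>\S+) "
    r"-[sd] (?P<net>\S+) -j (?P<target>\S+)$")

def parse_rules(text):
    """Return one dict per address-matching rule; other rules are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # e.g. the LOG and DROP rules inside the custom chain
        rules.append({"chain": m["chain"],
                      "net": ipaddress.ip_network(m["net"]),
                      "packets": int(m["pkts"]), "bytes": int(m["bytes"])})
    return rules

def busiest(rules, chain):
    """Rules of one chain, highest packet count first."""
    return sorted((r for r in rules if r["chain"] == chain),
                  key=lambda r: r["packets"], reverse=True)

def matching_rule(rules, chain, addr):
    """First rule in the chain whose block contains addr, or None."""
    ip = ipaddress.ip_address(addr)
    return next((r for r in rules if r["chain"] == chain and ip in r["net"]), None)

if __name__ == "__main__":
    rules = parse_rules(RULES_SAVE)
    for r in busiest(rules, "OUTPUT"):
        print(f'{r["packets"]:>9} pkts {r["bytes"]:>11} bytes  {r["net"]}')
    print("31.13.80.3 is in", matching_rule(rules, "OUTPUT", "31.13.80.3")["net"])
```

Summing the packet counts of the parsed rules gives 3767715, the same figure shown on the chain's LOG and DROP rules, since every packet matching a block is sent to that chain. INPUT and OUTPUT only see the host's own traffic; on a router such as the dd-wrt box in the question, traffic from LAN clients traverses the FORWARD chain instead.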