Howto block using Linux tools

Recently I was challenged to block access to Facebook from a private network (let's say ). Here are the steps I took; so far I cannot see it in my logs any more.

For this task I decided to use native Linux tools, squid and iptables. While squid is really good at blocking web sites accessed over HTTP, it still has issues when it comes to filtering HTTPS.

First I put the rule below in my squid.conf

acl facebook dstdomain
http_access deny facebook

and that was enough to block the domain and its subdomains (a dstdomain entry written with a leading dot matches the domain itself and everything under it).

Another issue: if one of my wiser users runs

$ ping
PING ( 56(84) bytes of data.

he/she gets the IP address and bypasses the rule above, which leads to Facebook again.

So I added the rule below

acl b1 url_regex [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
http_access deny b1

to block any IP address typed directly into the browser. Note that url_regex is matched against the whole URL, so this unanchored pattern also denies any URL that merely contains four dotted numbers in its path or query string. This can be a problem in some cases (before I moved to , I was using Google in the form http://ip-of-google-from-pinging-it; Google's geolocator is simply annoying).
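As an added check that is not part of the original post, the script below runs the url_regex pattern above against a few constructed URLs with grep -E, which, like squid's url_regex, uses POSIX extended regular expressions. It also tries an anchored alternative that only matches a numeric host in the authority part of the URL. The pattern names, function names and sample URLs are mine.

```shell
# Added example (not from the original post): test a squid url_regex candidate
# against constructed sample URLs with grep -E (POSIX ERE, like squid's url_regex).

# The post's pattern: an IPv4-looking string anywhere in the URL.
LOOSE='[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+'
# Anchored variant: scheme, then a numeric host, optional :port, then "/" or end.
STRICT='^[a-zA-Z]+://([0-9]{1,3}\.){3}[0-9]{1,3}(:[0-9]+)?(/|$)'

# url_matches PATTERN URL -> prints "deny" if the pattern matches, else "allow"
url_matches() {
    if printf '%s\n' "$2" | grep -Eq -e "$1"; then
        echo deny
    else
        echo allow
    fi
}

# count_denied PATTERN -> how many of the five constructed URLs the pattern denies
count_denied() {
    pattern=$1
    n=0
    for u in \
        'http://192.0.2.10/' \
        'http://192.0.2.10:8080/login' \
        'http://www.example.com/downloads/release-1.2.3.4.tar.gz' \
        'http://www.example.com/?ip=192.0.2.10' \
        'http://www.example.com/'
    do
        if [ "$(url_matches "$pattern" "$u")" = deny ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Stand-alone run: show the collateral damage of the unanchored pattern.
echo "loose pattern denies $(count_denied "$LOOSE") of 5 sample URLs"
echo "strict pattern denies $(count_denied "$STRICT") of 5 sample URLs"
```

The unanchored pattern denies four of the five samples, including a download whose version string happens to look like an address and a harmless query-string parameter; the anchored one denies only the two requests that actually name a host by IP. Squid also has the dst acl type, which matches on the resolved destination address rather than on the URL text, if matching the literal URL turns out to be the wrong tool.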

So far we have blocked the domain, and also direct access by IP address.

What remains? HTTPS 🙂

Squid cannot help us block HTTPS (afaik; if someone knows how, suggestions are more than welcome). Strictly, this holds only for traffic squid never sees: when browsers are configured to use the proxy explicitly, the CONNECT request carries the target hostname and the dstdomain acl above denies it too. The gap is clients that reach port 443 directly, bypassing a proxy that only intercepts port 80. So I pinged , got its IP address and wrote an iptables rule

${IPTABLES} -t nat -A PREROUTING -i $INT_IF -p tcp -s ${PRIVATE} -d --dport 443 -j DROP

Hmm…not elegant. I agree.

You will have noticed that I put the whole subnet as the destination, assuming Facebook owns all of it. This can cause problems if a business partner owns some of those addresses and you need to reach them on port 443. I know for sure that I have no business partners at those addresses.

That raises the question: what if Facebook owns addresses in some other range? They probably do, but by monitoring your squid and messages logs you can find those addresses and add a rule like the one above for each of them.
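The log mining suggested above, as an added example that is not from the original post: given squid's native access.log format, pull out the addresses that requests for a domain and its subdomains were actually sent to (the DIRECT/peer field) and emit one drop rule per address. The log lines are constructed, the addresses come from the 203.0.113.0/24 documentation range, and the function names are mine; IPTABLES, INT_IF and PRIVATE are the post's own placeholders. The generated rules go in the filter table's FORWARD chain rather than nat/PREROUTING: the nat table is consulted only for the first packet of a connection and exists for address translation, so dropping forwarded traffic belongs in filter.

```shell
# Added example (not from the original post): derive port-443 drop rules from
# the peer addresses squid recorded for a domain, instead of from a single ping.
# Constructed log lines in squid's native format; 203.0.113.0/24 is a
# documentation range. Fields: time elapsed client code/status bytes method URL
# user hierarchy/peer type.
SAMPLE_LOG='1318000000.123    120 10.0.0.5 TCP_MISS/200 1234 GET http://www.facebook.com/home.php - DIRECT/203.0.113.20 text/html
1318000001.500   5000 10.0.0.7 TCP_MISS/200 5120 CONNECT www.facebook.com:443 - DIRECT/203.0.113.21 -
1318000002.100      0 10.0.0.5 TCP_DENIED/403 3500 GET http://www.facebook.com/ - HIER_NONE/- text/html
1318000003.200     80 10.0.0.9 TCP_MISS/200 2200 GET http://static.facebook.com/rsrc.php - DIRECT/203.0.113.20 text/css
1318000004.300     60 10.0.0.9 TCP_MISS/200 900 GET http://www.example.org/ - DIRECT/203.0.113.99 text/html'

# peer_ips_for_domain DOMAIN < access.log
# Prints, sorted and unique, the DIRECT peer addresses of requests whose URL
# host is DOMAIN or a subdomain of it. Denied requests (HIER_NONE/-) carry no
# peer and are skipped.
peer_ips_for_domain() {
    awk -v dom="$1" '
        $9 ~ /^DIRECT\// {
            host = tolower($7)
            sub(/^[a-z]+:\/\//, "", host)   # drop scheme (CONNECT lines have none)
            sub(/\/.*$/, "", host)          # drop path
            sub(/:[0-9]+$/, "", host)       # drop :port (CONNECT lines end in :443)
            n = length(dom)
            if (host == dom || substr(host, length(host) - n) == "." dom) {
                split($9, peer, "/")
                print peer[2]
            }
        }' | sort -u
}

# iptables_rules_for_domain DOMAIN < access.log
# One FORWARD drop rule per observed address, in the post's variable style.
iptables_rules_for_domain() {
    peer_ips_for_domain "$1" | while IFS= read -r ip; do
        printf '${IPTABLES} -A FORWARD -i $INT_IF -p tcp -s ${PRIVATE} -d %s --dport 443 -j DROP\n' "$ip"
    done
}

# Stand-alone run against the constructed log.
printf '%s\n' "$SAMPLE_LOG" | iptables_rules_for_domain facebook.com
```

Run against a real access.log, feed the output to a shell after review, and re-run it periodically: the list only grows as users hit addresses you have not seen yet, which is exactly the monitoring loop described above.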

The process above is Facebook-specific, but it is easy to adapt and apply to , , … and so on.