Koozali.org: home of the SME Server

Blocking Facebook

Offline compsos

Blocking Facebook
« on: November 02, 2010, 07:44:14 AM »
Hi
We are trying the attached code to block all of the facebook.com pages. They have 9210 IP addresses in their 3 block ranges.

Code: [Select]
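# Create a custom template fragment for the masq (firewall) init script
nano -w /etc/e-smith/templates-custom/etc/rc.d/init.d/masq/40FaceBook

  # Contents of 40FaceBook: drop packets the server itself sends to these ranges
  # (iptables masks 66.220.149.0/20 to 66.220.144.0/20)
  iptables -A OUTPUT -d 66.220.149.0/20 -j DROP
  iptables -A OUTPUT -d 69.63.176.0/20 -j DROP
  iptables -A OUTPUT -d 204.15.20.0/22 -j DROP

  # Regenerate the masq script from its templates
  /sbin/e-smith/expand-template /etc/rc.d/init.d/masq

  svc -t /service/masq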

IP ranges are (from what we have found):
66.220.144.0 to 66.220.159.255
204.15.20.0 to 204.15.23.255
69.63.176.0 to 69.63.191.255

Any feedback welcome.
Regards

Gordon............

Offline janet

Re: Blocking Facebook
« Reply #1 on: November 02, 2010, 08:08:30 AM »
compsos

Dansguardian will block facebook.com & a whole lot more
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline compsos

Re: Blocking Facebook
« Reply #2 on: November 02, 2010, 08:11:05 AM »
Thanks Mary
Yes I have used Dansguardian before but in this case seemed like cracking a nut with a very large hammer. The request was for "block Facebook".
Regards

Gordon............

Offline byte

Re: Blocking Facebook
« Reply #3 on: November 02, 2010, 11:04:29 AM »
Code: [Select]
  svc -t /service/masq

That command should be

Code: [Select]
sv t /service/masq/
--[byte]--

Have you filled in a Bug Report over @ http://bugs.contribs.org ? Please don't wait to be told this way you help us to help you/others - Thanks!

Offline CharlieBrady

Re: Blocking Facebook
« Reply #4 on: November 02, 2010, 01:15:46 PM »
Quote
That command should be

Code: [Select]
sv t /service/masq/

No it shouldn't. There is no supervised masq service.

/etc/rc.d/init.d/masq restart

or

service masq restart



Offline piran

Re: Blocking Facebook
« Reply #5 on: November 02, 2010, 01:31:51 PM »
Quote
Any feedback welcome.

What are the reasons for the intended block?
Are you only concerned with originating traffic, i.e. outgoing?
Might not your users try another proxy or TOR?

Offline compsos

Re: Blocking Facebook
« Reply #6 on: November 02, 2010, 10:54:06 PM »
The reason for the block was a request from the business owner to reduce wasted time on the internet on non-business activity. They have not been the first or, I suspect, the last to request restrictions. Dansguardian is good but there seems to be a lot of tweaking required to open or lock sites as and when the client finds them either blocked or open. The web is a big place.

Thank you Charlie for the command correction.

Piran
Just looking at the TOR project, it looks like it is detectable at either end. In which case it may be stoppable at the server?
Quote
If your attacker can watch the traffic coming out of your computer, and also the traffic arriving at your chosen destination, he can use statistical analysis to discover that they are part of the same circuit.
Regards

Gordon............

Offline piran

Re: Blocking Facebook
« Reply #7 on: November 02, 2010, 11:02:55 PM »
That TOR 'analysis' sounds quite messy.

>>wasted time
Consider blocking inwards as opposed to outwards.
Might be easier to trap something in the router.
I'm not a FBer (ever) so no experience but does
any/all of their traffic show a user-agent signature?
If so, and reliably so, then a httpd.conf clause with
a custom error statement (business owner's words)
might do the trick overall.

Offline purvis

Re: Blocking Facebook
« Reply #8 on: November 13, 2010, 04:21:28 PM »
Have the person explain to the people that Facebook has been known to have bad virus like stuff on it that could cause the business much loss and that is a risk the business is unwilling to take.
Then monitor the proxy log by another program.
Put passwords on as many logins as you can, such as Windows, screensavers, browsers, Firefox's Public Fox, etc.
Many users are hooked on Facebook. If that does not work then tell them their pay is going to be reduced. People understand money more than anything else.
 

Offline janet

Re: Blocking Facebook
« Reply #9 on: November 13, 2010, 04:43:45 PM »
compsos

Quote
Dansguardian is good but there seems to be a lot of tweaking required to open or lock sites as and when the client finds them either blocked or open. The web is a big place.

I find it quite easy & quick to use. Most tweaks involve editing one file & restarting dansguardian, which takes 2-3 minutes. More often it is a case of set up all the restricted sites and file types and forget about it. Initially there may be some fine tuning to suit the site's needs, but again once the fine tuning has been done it is set and forget.

If you only want to block access to one site, i.e. facebook.com, that is very easily done with one entry and will block all facebook servers on different IPs.

Offline arne

Re: Blocking Facebook
« Reply #10 on: November 15, 2010, 11:08:10 PM »
Does it work? I cannot test it. Just from old memories:


iptables -I OUTPUT -d 66.220.149.0/20 -j DROP
iptables -I OUTPUT -d 69.63.176.0/20 -j DROP
iptables -I OUTPUT -d 204.15.20.0/22 -j DROP

iptables -I FORWARD -d 66.220.149.0/20 -j DROP
iptables -I FORWARD -d 69.63.176.0/20 -j DROP
iptables -I FORWARD -d 204.15.20.0/22 -j DROP
......

Offline compsos

Re: Blocking Facebook
« Reply #11 on: November 16, 2010, 12:23:38 AM »
Hi Arne

So far no reports of any breaches. At the moment we only have the output chain defined.
Regards

Gordon............
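
Added example (not posted by anyone in the thread): a Python check that parses iptables DROP rules like those in the first post, normalises each `-d` CIDR the way iptables does, and reports per chain which of the stated ranges no rule covers. OUTPUT matches packets generated on the server itself and FORWARD matches packets routed for LAN clients; the function names and the requirement that both chains be covered are assumptions of this example.

```python
import ipaddress
import shlex

# Rules from the first post (only the OUTPUT chain is defined).
RULES = """\
iptables -A OUTPUT -d 66.220.149.0/20 -j DROP
iptables -A OUTPUT -d 69.63.176.0/20 -j DROP
iptables -A OUTPUT -d 204.15.20.0/22 -j DROP
"""

# Address ranges quoted in the first post.
STATED_RANGES = [
    ("66.220.144.0", "66.220.159.255"),
    ("204.15.20.0", "204.15.23.255"),
    ("69.63.176.0", "69.63.191.255"),
]


def parse_drop_rules(text):
    """Return {chain: [network, ...]} for each 'iptables ... -d CIDR -j DROP' line."""
    chains = {}
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        # Only rules that end in '-j DROP' and match on destination are considered.
        if tok[:1] != ["iptables"] or tok[-2:] != ["-j", "DROP"] or "-d" not in tok:
            continue
        flag = next((f for f in ("-A", "-I") if f in tok), None)
        if flag is None:
            continue
        chain = tok[tok.index(flag) + 1]
        # strict=False masks host bits, as iptables does with 66.220.149.0/20.
        net = ipaddress.ip_network(tok[tok.index("-d") + 1], strict=False)
        chains.setdefault(chain, []).append(net)
    return chains


def uncovered(chains, ranges, required=("OUTPUT", "FORWARD")):
    """Return {chain: [stated CIDR blocks no DROP rule in that chain contains]}."""
    gaps = {}
    for chain in required:
        nets = chains.get(chain, [])
        gaps[chain] = [
            str(block)
            for first, last in ranges
            for block in ipaddress.summarize_address_range(
                ipaddress.ip_address(first), ipaddress.ip_address(last))
            if not any(block.subnet_of(n) for n in nets)
        ]
    return gaps


if __name__ == "__main__":
    for chain, missing in uncovered(parse_drop_rules(RULES), STATED_RANGES).items():
        print(chain, "gaps:", missing or "none")
```

Feeding it the rule set from reply #10 instead should leave both chains with no gaps.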