How to block https://www.facebook.com

[kavirajan]

Please anyone tell me how to make fake facebook.com dns entry in zentyal DNS server.

please go through the link
http://www.linuxquestions.org/questions/linux-newbie-8/iptable-rules-to-block-https-www-facebook-com-919096/

Need to add

iptables -N FACEBOOK
 
iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 66.220.144.0-66.220.159.255 --dport 443 -j FACEBOOK
iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 69.63.176.0-69.63.191.255 --dport 443 -j FACEBOOK
iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 204.15.20.0-204.15.23.255 --dport 443 -j FACEBOOK
iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 66.220.144.0-66.220.159.255 --dport 80 -j FACEBOOK
iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 69.63.176.0-69.63.191.255 --dport 80 -j FACEBOOK
iptables -I FORWARD -m tcp -p tcp -m iprange --dst-range 204.15.20.0-204.15.23.255 --dport 80 -j FACEBOOK
 
iptables -A FACEBOOK -j REJECT




But i dono where is the iptables file exactly.

[kavirajan]

Will clarkconnect will work now.

[kavirajan]

hi friends,

Please anyone help me to block facebook in https on non transparent mode, and also tell me how to block https site in non transparent mode.

Because i am going to use two servers one for non transparent another one for transparent mode to block https and http site.

so please help me to block https sites in non transparent mode.

[christian]

Kavirajan,

I merged again your posts.

1 - Please do not start another new post with same content and same question just because you didn't get the expected answer with the previous posts. You can still bump the previous ones.
2 - From my standpoint, you already got the full set of information. If this is not clear enough, feel free to explain, within existing posts, what is not clear to you.

[kavirajan]

Please anyone help me to block https in non transparent mode.

[christian]

With explicit proxy:

- be sure that firewall doesn't permit HTTP and HTTPS flow to reach internet directly (otherwise users can bypass your proxy)
- in "proxy/filter profile/domain filter settings" section, ensure that access to IP address is blocked
- in  "proxy/filter profile/domain & URL rules" add facebook.com domain with deny decision

et voila... so much easy.

Well, this is not 100% blocked. Users able to select external proxy can still access facebook but this will already limit a lot.
With access to IP denied, it will limit further.
Content filter threshold will block some external proxies and to converge toward holy-grail, you will have to look at log and add some more domains.

[kavirajan]

Hi Christian,

Its not worked for me, actually its not for non transparent method,
If you know plz help otherwise plz shut, some one can help.

I dont need http proxy, i need only firewall.

[christian]

  you want to block facebook using FW only and not HTTP proxy ?
So do it adding (multiple) IP addresses in your firewall an denying access to it. So much easy to explain it but impossible to achieve it.

Joke aside, I suppose this is because of language difference but I don't understand what you target (except that you want to block access to facebook)

So, spend time explaining better your goal and you may have some members here prone to help you. Not me BTW because I'm lost with all these back and forth.

[Sam Graf]

If you know plz help otherwise plz shut, some one can help.

I dont need http proxy, i need only firewall.

I think all the information you need is in this topic, thanks in large part to christian.

I think you might be confused by the iptables information you've found elsewhere. There is no need to edit iptables by hand. You can accomplish the same thing using Zentyal's firewall and service tools, and the network object tools if you want to create a Facebook object (where all your Facebook IP addresses could go). Create an HTTPS service using port 443, then set firewall rules for both HTTP and HTTPS accordingly.