Skip to Content

How to Block Access HTTP / HTTPS Facebook Using pfSense Firewall Rules

Problem: How to create alias and block Facebook traffic (IP Addresses and HTTP/HTTPS URL of Facebook) using pfSense firewall rules. Following steps are useful with sites such as Facebook that consume large amounts of IP range but are constrained within a few net blocks.

Solution

Step 1: Find Facebook autonomous system OriginAS or ASN number of Facebook IP registration at Facebook Peering Policy.

Peering Information as below:
ASN: AS32934
Suggested Prefix Limit: 100
PeeringDB: as32934.peeringdb.com

Step 2: Execute below command to find the most current list of Facebook IP subnets by query server to find subnets for their AS:

whois -h whois.radb.net '!gAS32934'

Result query on 27 September 2018:
MacBook-Pro:~ alexl$ whois -h whois.radb.net '!gAS32934'
A1561
204.15.20.0/22 69.63.176.0/20 66.220.144.0/20 66.220.144.0/21 69.63.184.0/21 69.63.176.0/21 74.119.76.0/22 69.171.255.0/24 173.252.64.0/18 69.171.224.0/19 69.171.224.0/20 103.4.96.0/22 69.63.176.0/24 173.252.64.0/19 173.252.70.0/24 31.13.64.0/18 31.13.24.0/21 66.220.152.0/21 66.220.159.0/24 69.171.239.0/24 69.171.240.0/20 31.13.64.0/19 31.13.64.0/24 31.13.65.0/24 31.13.67.0/24 31.13.68.0/24 31.13.69.0/24 31.13.70.0/24 31.13.71.0/24 31.13.72.0/24 31.13.73.0/24 31.13.74.0/24 31.13.75.0/24 31.13.76.0/24 31.13.77.0/24 31.13.96.0/19 31.13.66.0/24 173.252.96.0/19 69.63.178.0/24 31.13.78.0/24 31.13.79.0/24 31.13.80.0/24 31.13.82.0/24 31.13.83.0/24 31.13.84.0/24 31.13.85.0/24 31.13.86.0/24 31.13.87.0/24 31.13.88.0/24 31.13.89.0/24 31.13.90.0/24 31.13.91.0/24 31.13.92.0/24 31.13.93.0/24 31.13.94.0/24 31.13.95.0/24 69.171.253.0/24 69.63.186.0/24 31.13.81.0/24 179.60.192.0/22 179.60.192.0/24 179.60.193.0/24 179.60.194.0/24 179.60.195.0/24 185.60.216.0/22 45.64.40.0/22 185.60.216.0/24 185.60.217.0/24 185.60.218.0/24 185.60.219.0/24 129.134.0.0/16 157.240.0.0/16 157.240.8.0/24 157.240.0.0/24 157.240.1.0/24 157.240.2.0/24 157.240.3.0/24 157.240.4.0/24 157.240.5.0/24 157.240.6.0/24 157.240.7.0/24 157.240.9.0/24 157.240.10.0/24 157.240.16.0/24 157.240.19.0/24 157.240.11.0/24 157.240.12.0/24 157.240.13.0/24 157.240.14.0/24 157.240.15.0/24 157.240.17.0/24 157.240.18.0/24 157.240.20.0/24 157.240.21.0/24 157.240.22.0/24 157.240.23.0/24 129.134.0.0/17 157.240.0.0/17 204.15.20.0/22 69.63.176.0/20 69.63.176.0/21 69.63.184.0/21 66.220.144.0/20 69.63.176.0/20
C

Step 3: Access pfSense and create New Alias with any distinguished name FacebookBlock, with following settings:

Type: Network(s)
Network(s): All IPs that you get from above command

Create pfSense alias to block Facebook

Step 4: Go to Firewall > Rules > LAN to create a new Rule with following settings:

Action = BLOCK
Interface = LAN
Tcp/ip Version = IPV4
Protocol = TCP/UDP

Step 5: Move it on top (where you like to block for all users) of all Rules.

Step 6: Select Block / Reject all.

Step 7: In the section Instead IP Address put FacebookBlock.

Step 8: Save the changes.

Other alternative:
Modify hosts files to prevent access to facebook domains.

0.0.0.0 facebook.com
0.0.0.0 facebook.net
0.0.0.0 api.facebook.com
0.0.0.0 api.facebook.net
0.0.0.0 connect.facebook.net
0.0.0.0 connect.facebook.com

Reference

Netgate Documentation: Blocking Access to Websites
G7 Schools: How to Block Facebook Using SQUID + SQUIDGUARD through Pfsense
ipaddresshost: How to block HTTP and HTTPS Facebook with pfSense

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker