How to Block Access HTTP / HTTPS Facebook Using pfSense Firewall Rules

Problem: How to create alias and block Facebook traffic (IP Addresses and HTTP/HTTPS URL of Facebook) using pfSense firewall rules. Following steps are useful with sites such as Facebook that consume large amounts of IP range but are constrained within a few net blocks.


Step 1: Find Facebook autonomous system OriginAS or ASN number of Facebook IP registration at Facebook Peering Policy.

Peering Information as below:
ASN: AS32934
Suggested Prefix Limit: 100

Step 2: Execute below command to find the most current list of Facebook IP subnets by query server to find subnets for their AS:

whois -h '!gAS32934'

Result query on 27 September 2018:
MacBook-Pro:~ alexl$ whois -h '!gAS32934'

Step 3: Access pfSense and create New Alias with any distinguished name FacebookBlock, with following settings:

Type: Network(s)
Network(s): All IPs that you get from above command

Create pfSense alias to block Facebook

Step 4: Go to Firewall > Rules > LAN to create a new Rule with following settings:

Action = BLOCK
Interface = LAN
Tcp/ip Version = IPV4
Protocol = TCP/UDP

Step 5: Move it on top (where you like to block for all users) of all Rules.

Step 6: Select Block / Reject all.

Step 7: In the section Instead IP Address put FacebookBlock.

Step 8: Save the changes.

Other alternative:
Modify hosts files to prevent access to facebook domains.


Netgate Documentation: Blocking Access to Websites
G7 Schools: How to Block Facebook Using SQUID + SQUIDGUARD through Pfsense
ipaddresshost: How to block HTTP and HTTPS Facebook with pfSense