block HTTP HTTPS Facebook pfSense
Facebook works on HTTPS and there are some tutorials that help you to install “Squid3” Development Package on pfSense to configure pfSense for blocking some of websites but I found issues with it and it wasn’t worthy for my work environment along with “blocking Facebook with pfSense”. I have tried many of tutorials to block Facebook on pfSense box and some of them works but these also blocks some other HTTPS services. Finally, I block Facebook on pfSense with Facebook IP Addresses. I know, it might be quite funny or awkward but it’s the solution that leaves no stone to your efforts and users cannot access it with IP Address, HTTP or HTTPS or with other Facebook TLDs. Let’s get started;
- Find OriginAS or ASN number of Facebook IP registration – I found it and its “AS32934” , can also be confirmed here https://www.facebook.com/peering/
- Use below Command on any internet connected Linux Box / Terminal to get all IPs;
- whois -h whois.radb.net '!gAS32934'
- Access your pfSense and create New Alias with any distinguished name like “FacebookBlock”;
- Type of Alias
- – Network(s) , do mention all IPs that you get from above command;
- – URL, do create a txt file containing all IPs and upload to some webserver and give that path in pfSense.
- Go to Firewall
- Click on Rules
- Click on LAN to create a new Rule.
- Create and Move on Top (where you like to block for all users) to all Rules.
- Select - Block/Reject all
- In the section “Instead IP Address” , Simple put FacebookBlock
- Save and Save Changes
It’s done, you can check it now and there must be no Facebook for all applicable users.