Facebook Filtering With a SOHO Firewall

From Free Knowledge Base- The DUCK Project: information for everyone

Users and network administrators have reported issues when trying to filter or block access to Facebook with SOHO firewall hardware, such as the TRENDnet TW100-BRF214 Firewall Router. Entering the address "facebook.com" seems to fail at blocking facebook.com consistently.

On a typical SOHO firewall, going to "URL Filter" and entering "facebook.com" and "www.facebook.com" results in only partial blocking of the site. In fact, users can enter www.facebook.com in the address bar of the web browser and still reach the site.

It is necessary to block all IP addresses and domain combinations associated with Facebook. Maintaining a comprehensive, up-to-date list may not be practical. This page aims to include as much as possible, kept as current as time permits.

Why block Facebook?

  1. For the obvious reasons, including preventing your employees from wasting company time on social media or playing games, and keeping the kids, especially preteens, off of a site with potential dangers.
  2. Many people do not realize how Facebook tracks their online activity, even when not using Facebook. Understand "Facebook Beacon" and how Facebook knows what sites you visit, what you buy when you shop online, and who you communicate with.

On November 6th, 2007 Facebook launched a new feature called Beacon which collects data on the behavior of Facebook users on several commercial websites such as eBay. When a Facebook user purchases an item online, Facebook provides a way for the user to advertise their purchase on their Facebook News Feed. Facebook also tracks the activity automatically. Although early versions of the Beacon service permitted users to decline sending out the advertising, Facebook did not allow users to opt out of the data collection and behavior monitoring.

More recently search engines are plugged into facebook. When you search on bing.com, your search phrases are reported back to facebook, associated with your account, even if you are not logged in. You are being profiled and tracked by facebook via the cooperation of thousands of facebook beacon cooperatives.

Blocking facebook on your LAN firewall is one of the best things you can do to protect your online privacy.

facebook known address

URL List

facebook.com
www.facebook.com
login.facebook.com
blog.facebook.com
apps.facebook.com
en-gb.facebook.com 

IPv4 List

204.15.20.0  - 204.15.23.255
69.63.176.0  - 69.63.191.255
69.171.224.0 - 69.171.255.255
66.220.144.0 - 66.220.159.255 

research

  • Due to "Round Robin DNS" the facebook.com domain does resolve to multiple IP addresses
  • Facebook may be migrated from one set of IP addresses to other sets at any given time

Doing a simple "host facebook.com" produces the following:

facebook.com has address 66.220.149.88
facebook.com has address 66.220.152.16
facebook.com has address 69.171.234.21
facebook.com has address 69.171.237.16
facebook.com has address 69.171.247.21

while doing a "host www.facebook.com" results in:

www.facebook.com has address 69.171.237.32

A source reports, "the main facebook website has the following IP addresses"

www.facebook.com A INET 69.63.176.12
www.facebook.com A INET 69.63.176.13
www.facebook.com A INET 69.63.176.14
www.facebook.com A INET 204.15.20.25
www.facebook.com A INET 204.15.20.26
www.facebook.com A INET 69.63.176.11

The following IP address ranges appear to be associated with Facebook:

69.63.176.1  - 69.63.191.255
204.15.20.1  - 204.15.23.255

Find the MOST CURRENT list of Facebook Subnets

To find the most current list of Facebook subnets, query a routing registry for the routes originated by Facebook's AS (AS32934 in the command below) and build an alias from the result.

whois -h whois.radb.net -- '-i origin AS32934' | awk '/^route:/ {print $2;}' | sort | uniq

Once the list of netblocks is in hand, create an alias containing that data and then use it in Firewall rules to control direct access to Facebook.
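
The following is an added example, not part of the original page: it converts the start-end ranges from the IPv4 list above into CIDR blocks for a firewall alias, merges overlapping `route:` prefixes the way the whois/awk pipeline output would need, and reports which of the addresses seen in the `host` output are not covered. The function names and the whois sample text are assumptions constructed for illustration.

```python
import ipaddress

# Start/end pairs copied from the page's "IPv4 List".
PAGE_RANGES = [
    ("204.15.20.0", "204.15.23.255"),
    ("69.63.176.0", "69.63.191.255"),
    ("69.171.224.0", "69.171.255.255"),
    ("66.220.144.0", "66.220.159.255"),
]
# Addresses from the page's "host" output and quoted A records.
PAGE_ADDRESSES = [
    "66.220.149.88", "66.220.152.16", "69.171.234.21", "69.171.237.16",
    "69.171.247.21", "69.171.237.32", "69.63.176.11", "69.63.176.12",
    "69.63.176.13", "69.63.176.14", "204.15.20.25", "204.15.20.26",
]
# Constructed sample in the shape of RADB output (not a real query result).
SAMPLE_WHOIS = """\
route:      66.220.144.0/20
origin:     AS32934
route:      66.220.144.0/21
route:      66.220.152.0/21
route:      69.63.176.0/24
route6:     2001:db8::/32
"""

def ranges_to_cidrs(ranges):
    """Turn start-end ranges into the smallest set of CIDR blocks."""
    nets = []
    for start, end in ranges:
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)))
    return list(ipaddress.collapse_addresses(nets))

def parse_routes(whois_text):
    """Keep 'route:' prefixes (as the awk filter does) and merge overlaps."""
    nets = {ipaddress.ip_network(line.split()[1])
            for line in whois_text.splitlines() if line.startswith("route:")}
    return list(ipaddress.collapse_addresses(nets))

def uncovered(addresses, networks):
    """Return the addresses that no block in the alias would match."""
    return [a for a in addresses
            if not any(ipaddress.ip_address(a) in n for n in networks)]

if __name__ == "__main__":
    alias = ranges_to_cidrs(PAGE_RANGES)
    print(*alias, sep="\n")
    print("not covered:", uncovered(PAGE_ADDRESSES, alias))
```

Running the coverage check each time the alias is rebuilt shows whether newly resolved addresses have moved outside the blocked ranges, which is the migration problem noted in the research section.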