The following lines were added (+) and removed (-):
== why block facebook? ==# For the obvious reasons, including preventing your employees from wasting company time on social media or playing games, and keeping the kids, especially preteens, off of a site with potential dangers.# Many people do not realize how facebook tracks their online activity, even when not using facebook. Understand "Facebook Beacon" and how Facebook knows what sites you visit, what you buy when you shop online, and who are communicate with.On November 6th, 2007 Facebook launched a new feature called Beacon which collects data on the behavior of Facebook users on several commercial websites such as eBay. When a Facebook user purchases an item online, Facebook provides a way for the user to advertise their purchase on their Facebook News Feed. Facebook also tracks the activity automatically. Although early versions of the Beacon service permitted users to decline sending out the advertising, Facebook did not allow users to opt out of the data collection and behavior monitoring.More recently search engines are plugged into facebook. When you search on bing.com, your search phrases are reported back to facebook, associated with your account, even if you are not logged in. You are being profiled and tracked by facebook via the cooperation of thousands of facebook beacon cooperatives.Blocking facebook on your LAN firewall is one of the best things you can do to protect your online privacy.* Due to "Round Robin DNS" the facebook.com domain does resolve to multiple IP addresses* Facebook may be migrated from one set of IP addresses to other sets at any given timeA source reports, "the main facebook website has the following IP addresses" www.facebook.com A INET 69.63.176.12 www.facebook.com A INET 69.63.176.13 www.facebook.com A INET 69.63.176.14 www.facebook.com A INET 204.15.20.25 www.facebook.com A INET 204.15.20.26 www.facebook.com A INET 69.63.176.11the following IP address ranges that appear to be associated with facebook: 69.63.176.1 - 69.63.191.255 204.15.20.1 - 204.15.23.255== Find the MOST CURRENT list of Facebook Subnets ==To find the most current list of Facebook subnets, query a server to find subnets for their AS and make an alias from there. whois -h whois.radb.net -- '-i origin AS32934' | awk '/^route:/ {print $2;}' | sort | uniqOnce the list of netblocks is in hand, create an alias containing that data and then use it in Firewall rules to control direct access to Facebook.