LinuxQuestions.org
11-24-2012, 11:22 PM   #1
jmoschetti45
IPTables or IPCop block Facebook Chat


I'm determined to block Facebook chat on my network.

I have IPCop 2x running as the main firewall, and in front of that another plain Linux box that's hooked to the modem.

I can't seem to find a way to do this.

I've blocked

Code:
acl bofh dstdomain *facebook.com/ajax/chat*
acl bofh dstdomain *facebook.com/images/chat*
acl bofh dstdomain *facebook.com/ajax/presence*
acl bofh dstdomain *.channel*.facebook.com/x/*/false/p_*
acl bofh dstdomain facebook.com/ajax/presence
acl bofh dstdomain chat.facebook.com
acl bofh dstdomain /ajax/chat/
acl bofh dstdomain /ajax/chat/buddy_list.php
acl bofh dstdomain buddy_list.php
acl bofh dstdomain /presence/popout.php
acl bofh dstdomain /friends/ajax/edit_list.php
acl bofh dstdomain edit_list.php
acl bofh dstdomain chat.php
in Squid on the IPCop box, and even killed HTTPS to Facebook. I've also put all those URLs in Privoxy too. I've even blocked the *channel*.facebook IP address on the firewall attached to the modem.

Where am I going wrong? I don't want to completely kill Facebook, just the chat portion. I have no control over the machines themselves on the network.
 
11-25-2012, 12:20 PM   #2
NyteOwl

Facebook chat is ajax/flash based and so runs within the browser, making it a bit tricky to block if you don't want to kill Facebook altogether (the better idea).

This might get you headed in the right direction: this is the signature for Facebook chat from a Juniper application firewall. (Note the multiple domains/paths/options/files referenced):

Code:
Signature NestedApplication:FACEBOOK-CHAT                                 
    Layer-7 Protocol: HTTP                                                
    Chain Order: Yes        
    Maximum Transactions: 1                   
    Order: 33313             
    Member(s): 2            
        Member 0                        
            Context: http-url-parsed       
            Pattern: /ajax/(chat/(typ|settings|buddy_list|send\d?|history)|presence/reconnect)\.php.*
                    
            Direction: CTS                                   
        Member 1         
            Context: http-header-host      
            Pattern: (.*\.)?(facebook\.com|fbcdn\.net)                    
            Direction: CT
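
As an added example (not part of any post in this thread, and not Juniper's code), the sketch below applies the two signature members quoted above to constructed HTTP requests, including the proxy-style request line a Squid box sees and an HTTPS `CONNECT` tunnel. `parse_request`, `is_facebook_chat` and the sample requests are hypothetical names and data, and whole-string matching of each pattern is an assumption about how the firewall evaluates them.

```python
import re

# Both members of the signature quoted above, patterns copied verbatim.
URL_MEMBER = re.compile(
    r"/ajax/(chat/(typ|settings|buddy_list|send\d?|history)|presence/reconnect)\.php.*")
HOST_MEMBER = re.compile(r"(.*\.)?(facebook\.com|fbcdn\.net)")


def parse_request(raw):
    """Return (host, path) from the head of a raw client-to-server request."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    host = ""
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host = value.strip()
    absolute = re.match(r"https?://([^/]+)(/.*)?$", target, re.I)
    if absolute:  # proxy-style request line: http://host/path
        host = host or absolute.group(1)
        path = absolute.group(2) or "/"
    elif method.upper() == "CONNECT":  # HTTPS tunnel: host:port only, no path
        host, path = host or target, ""
    else:
        path = target
    return host.lower().split(":")[0], path


def is_facebook_chat(raw):
    """Chained match: member 0 (URL) must hit, then member 1 (Host)."""
    host, path = parse_request(raw)
    # Assumption: each pattern must match its whole context string.
    return bool(URL_MEMBER.fullmatch(path)) and bool(HOST_MEMBER.fullmatch(host))


SAMPLES = {  # constructed requests, not captured traffic
    "chat_send": "POST http://www.facebook.com/ajax/chat/send.php?__a=1 HTTP/1.1\r\n"
                 "Host: www.facebook.com\r\n\r\n",
    "buddy_list": "GET /ajax/chat/buddy_list.php HTTP/1.1\r\n"
                  "host: chat.facebook.com:80\r\n\r\n",
    "news_feed": "GET /home.php HTTP/1.1\r\nHost: www.facebook.com\r\n\r\n",
    "other_site": "GET /ajax/chat/send.php HTTP/1.1\r\nHost: example.org\r\n\r\n",
    "https_tunnel": "CONNECT www.facebook.com:443 HTTP/1.1\r\n"
                    "Host: www.facebook.com:443\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:13} {'BLOCK' if is_facebook_chat(raw) else 'allow'}")
```

The `https_tunnel` sample is allowed because a `CONNECT` request exposes only the host and port, so a path-based rule has nothing to match unless the proxy terminates TLS.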
 
11-26-2012, 09:40 AM   #3
Turbocapitalist

The better way, if you can do it, is to block all of Facebook. The easiest way to do that is to block it using iptables.

http://www.howtoforge.com/blocking-f...-extra-privacy

You can get the full list of Facebook networks with "/usr/bin/whois -h whois.radb.net '!gAS32934'"
 
  

