Forbid Facebook.Com On All My Vpn Connections Using Squid

tomislav91 · 07-05-2017, 02:55 PM

Hello guys, i want to all my vpn connections in linux ubuntu distro to forbid in a period of a time facebook.com. So between 00:00 - 06:00 facebook.com is not be available. I can manage this with squid. So my question is, can i somehow put it on all my connections at once, some global install and configuration like in windows you have domain. I just have my connections in vpn, so i have just ip addresses. Can you give me some advice how can i fastest do this job?

elcore · 07-06-2017, 03:15 AM

Maybe a cron.daily job to push iptables rules @0:00 and flushes them @6:00
I used these rules to ban fb, but note this is ipv4 specific, and there may be additional iprange to block since the time these rules were written.

Code:

####
iptables -A INPUT -m iprange --src-range 31.13.0.0-31.13.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 45.64.0.0-45.64.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 69.63.0.0-69.63.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 69.171.0.0-69.171.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 66.220.0.0-66.220.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 74.119.0.0-74.119.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 103.4.0.0-103.4.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 129.134.0.0-129.134.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 157.240.0.0-157.240.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 173.252.0.0-173.252.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 179.60.0.0-179.60.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 185.60.0.0-185.60.255.255 -j DROP
iptables -A INPUT -m iprange --src-range 204.15.0.0-204.15.255.255 -j DROP
####
iptables -A OUTPUT -m iprange --dst-range 31.13.0.0-31.13.255.255 -j DROP
iptables -A OUTPUT -m iprange --dst-range 45.64.0.0-45.64.255.255 -j DROP
iptables -A OUTPUT -m iprange --dst-range 69.63.0.0-69.63.255.255 -j DROP
iptables -A OUTPUT -m iprange --dst-range 69.171.0.0-69.171.255.255 -j DROP
iptables -A OUTPUT -m iprange --dst-range 66.220.0.0-66.220.255.255 -j DROP
iptables -A OUTPUT -m iprange --dst-range 74.119.0.0-74.119.255.255 -j DROP
iptables -A OUTPUT -m iprange --dst-range 103.4.0.0-103.4.255.255 -j DROP
iptables -A OUTPUT -m iprange --dst-range 129.134.0.0-129.134.255.255 -j DROP
iptables -A OUTPUT -m iprange --dst-range 157.240.0.0-157.240.255.255 -j DROP
iptables -A OUTPUT -m iprange --dst-range 173.252.0.0-173.252.255.255 -j DROP
iptables -A OUTPUT -m iprange --dst-range 179.60.0.0-179.60.255.255 -j DROP
iptables -A OUTPUT -m iprange --dst-range 185.60.0.0-185.60.255.255 -j DROP
iptables -A OUTPUT -m iprange --dst-range 204.15.0.0-204.15.255.255 -j DROP

tomislav91 · 07-06-2017, 06:21 AM

can i put this ip tables into some bash script and run it. can i somehow run it for test and stop it? Or allow in iptables with same command?

Turbocapitalist · 07-06-2017, 08:25 AM

Do you want it in Squid or on each machine's packet filter? You can find out Faecebook's network:

Code:

host facebook.com
whois -h whois.radb.net 31.13.72.36

Then you can extract all the networks

Code:

whois -h whois.radb.net '!gAS32934' \
 | tr ' ' '\n' \
 | sed '/^[0-9]/!d' \
 | sort -t . -k1,1n -k2,2n -k3,3n -k4,4n \
 > /tmp/faecebook.ips

and add them to your Squid configuration or iptables. That's for the IPv4 networks only though.

Which version of Squid do you have?