Have you tried to block Facebook via iptables (-m string):
http://blog.mynux.net/2011/08/iptabl...-facebook.html |
Why don't you try making an alias and blocking access to it? I did it this way on a pfSense box and it works; I think it can work in Linux too, but if you block it with an alias, no one will be able to access Facebook, even if you have PCs which are not filtered in the proxy.
|
Block Facebook with iptables
Let's say your LAN IP range is 10.1.1.0/24 then:
#!/bin/bash
### Block connections to Facebook
#########################################################################
IPT="/sbin/iptables"

# Drop locally generated TCP packets whose payload contains "facebook.com"
$IPT -A OUTPUT -p tcp -m string --string "facebook.com" --algo kmp -j DROP
# The hostname is resolved once, at the moment the rule is added
$IPT -A FORWARD -d facebook.com -j DROP

echo "Obtaining Facebook IP ranges from whois..."
# Keep only IPv4 CIDR entries from the reply (drops its header and trailer
# lines) and sort them numerically, octet by octet
rm -f facebookips
/usr/bin/whois -h whois.radb.net '!gAS32934' | tr ' ' '\n' \
    | grep -E '^[0-9]+(\.[0-9]+){3}/[0-9]+$' \
    | sort -t . -n -k1,1 -k2,2 -k3,3 -k4,4 > facebookips

y=0
while read -r line
do
    (( y++ ))
    # Traffic routed from the LAN to this range
    $IPT -I FORWARD -s 10.1.1.0/24 -d "$line" -j DROP
    # HTTPS from this host itself. This rule belongs in OUTPUT: INPUT only
    # sees packets addressed to this host, so a Facebook destination never matches there
    $IPT -A OUTPUT -p tcp -d "$line" --dport 443 -j REJECT
done < facebookips
echo "$y Facebook IP ranges blocked."
###########################################################################################################
|
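An added example, not part of the original post: the script above passes whatever whois returns straight to iptables as root and adds one rule per range on every run. This sketch validates each prefix and emits an `ipset restore` script that swaps in the new list atomically, which is a different technique (ipset) from the per-range rules above; the function names, the set name `fb_block` and the sample reply (documentation address ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example. parse_prefixes, ipset_script and fb_block are hypothetical names.

# Constructed sample shaped like a whois '!g' reply: a header line, the
# prefixes, a trailer line. It includes duplicates and malformed entries.
SAMPLE_REPLY='A99
203.0.113.0/24 192.0.2.0/24 198.51.100.0/24 192.0.2.0/24
999.1.1.1/24 10.0.0.0/33 2001:db8::/32 not-a-prefix
C'

# Read a raw reply on stdin and print only well-formed IPv4 CIDRs
# (octets <= 255, mask <= 32), sorted numerically and de-duplicated.
parse_prefixes() {
    tr -s ' \t\r' '\n' | awk -F'[./]' '
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ {
            if ($1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255 && $5 <= 32)
                print
        }' | sort -t . -k1,1n -k2,2n -k3,3n -k4,4n | uniq
}

# Read validated prefixes on stdin and print input for "ipset -exist restore".
# $1 is the set name. The new list is built in a scratch set and swapped in,
# so the live set is never half-populated. An empty list is refused: a failed
# whois lookup must not silently empty the block list.
ipset_script() {
    set_name=$1
    prefixes=$(cat)
    if [ -z "$prefixes" ]; then
        echo "no valid prefixes received; keeping the current set" >&2
        return 1
    fi
    echo "create ${set_name} hash:net family inet"
    echo "create ${set_name}_new hash:net family inet"
    echo "flush ${set_name}_new"
    printf '%s\n' "$prefixes" | sed "s|^|add ${set_name}_new |"
    echo "swap ${set_name}_new ${set_name}"
    echo "destroy ${set_name}_new"
}

# Demonstration on the constructed sample: prints the restore script only,
# nothing is applied to the system.
printf '%s\n' "$SAMPLE_REPLY" | parse_prefixes | ipset_script fb_block
```

The output is meant to be piped to `ipset -exist restore`, after which a single rule such as `iptables -I FORWARD -s 10.1.1.0/24 -m set --match-set fb_block dst -j DROP` covers every range and survives refreshes without being re-added.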