[SOLVED] iptable rules to block https://www.facebook.com
Hi everybody.
I am using squid-3.1.14 as a transparent proxy on Ubuntu 11.10. Everything is working fine. I have blocked Facebook, but the users can still access it using https. I searched Google for how to block https with Squid but ended up with nothing useful. I thought this is the best site to discuss it, because many of my problems have been solved with this site. I really take my hat off to every member of this site.
Please find the attachment in which my current iptables rules are given. I found this link and found the thread marked as solved. So I tried it and got:
Code:
iptables v1.4.10:
The "nat" table is not intended for filtering, the use of DROP is therefore inhibited.
Try `iptables -h' or 'iptables --help' for more information.
So please help me to run the above command on Ubuntu.
In my area Facebook has the IP addresses below.
Code:
dig facebook.com
; <<>> DiG 9.7.3 <<>> facebook.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16211
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 5, ADDITIONAL: 5
;; QUESTION SECTION:
;facebook.com. IN A
;; ANSWER SECTION:
facebook.com. 4092 IN A 69.171.224.11
facebook.com. 4092 IN A 69.171.229.11
facebook.com. 4092 IN A 66.220.149.11
;; AUTHORITY SECTION:
facebook.com. 169687 IN NS ns3.facebook.com.
facebook.com. 169687 IN NS ns4.facebook.com.
facebook.com. 169687 IN NS ns5.facebook.com.
facebook.com. 169687 IN NS ns1.facebook.com.
facebook.com. 169687 IN NS ns2.facebook.com.
;; ADDITIONAL SECTION:
ns1.facebook.com. 713 IN A 204.74.66.132
ns2.facebook.com. 713 IN A 204.74.67.132
ns3.facebook.com. 489 IN A 66.220.151.20
ns4.facebook.com. 487 IN A 69.63.186.49
ns5.facebook.com. 487 IN A 66.220.145.65
;; Query time: 27 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Fri Dec 16 23:56:58 2011
;; MSG SIZE rcvd: 248
I also tried
Code:
iptables -t nat -A PREROUTING -i eth0 --dst facebook.com -p tcp --dport 443 -j DNAT --to 192.168.0.1:3128
Now it is blocked and gives the error "secure connection failed", even if they try it multiple times using https://facebook.com, which was accessible earlier with that same URL, i.e. https://facebook.com. But it is accessible again if they use "www", i.e. https://www.facebook.com.
So please help me to block "https://www.facebook.com".
Last edited by mandyapenguin; 12-16-2011 at 12:45 PM.
Reason: heading correction
Make a fake facebook.com DNS entry in your DNS server.
Hi, thanks for the reply.
Code:
cat /etc/bind/db.facebook.com
$TTL 1d
facebook.com. IN SOA ns.facebook.com. root.facebook.com. (
        20111125 ; se = serial number
        3h       ; ref = refresh
        15m      ; ret = update retry
        3w       ; ex = expiry
        3h       ; min = minimum
        )
        IN NS ns.facebook.com.
ns      IN A 192.168.0.1
www     IN A 192.168.0.1
facebook.com. IN A 192.168.0.1

cat /etc/bind/db.192.168.0
$TTL 1d
@ IN SOA ns.facebook.com. root.facebook.com. (
        20111125 ; se = serial number
        3h       ; ref = refresh
        15m      ; ret = update retry
        3w       ; ex = expiry
        3h       ; min = minimum
        )
        IN NS ns.facebook.com.
1       IN PTR ns.facebook.com.
1       IN PTR www.facebook.com.
1       IN PTR facebook.com.
I restarted the bind service and found that now https://www.facebook.com has also been blocked. Super, now no one can access Facebook, even using https://www.facebook.com, apart from via some bypass sites. That is okay; I can monitor bypass sites and block those also. But it is affecting everyone. I want to allow some authorized IPs to access facebook.com at all times. So could you please guide me with iptables rules instead of DNS?
Last edited by mandyapenguin; 12-17-2011 at 02:34 AM.
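One way to do what this post asks (keep Facebook blocked over HTTPS, exempt a few authorised hosts) with iptables rather than DNS, as an added example that is not from the thread. DROP is a filter-table target, which is why the nat table refused the rule in the first post; the block goes in the FORWARD chain of the filter table on the gateway instead, and a second function pins LAN clients' DNS queries to the local bind so the fake zone cannot be skipped by changing a PC's resolver. The interface eth0, gateway 192.168.0.1, the authorised client addresses and the chain name FB_BLOCK are assumptions; the three Facebook addresses are the ones in the dig output and must be re-resolved from time to time because they change.

```shell
#!/bin/sh
# Added example, not from the thread. Blocks HTTPS to the facebook.com
# addresses in the poster's dig output for everyone except a few
# authorised LAN hosts, and pins LAN clients to the local bind so the
# fake facebook.com zone still applies when a user changes the resolver
# on their PC. DROP/REJECT are filter-table targets, which is why the nat
# table refused the poster's rule: the block belongs in filter/FORWARD.
# Interface, gateway address and allowed hosts are assumptions.
IPT="${IPT:-iptables}"                      # IPT=echo previews without root
LAN_IF="${LAN_IF:-eth0}"
GW="${GW:-192.168.0.1}"                     # squid/bind box, as in the thread
FB_ADDRS="69.171.224.11 69.171.229.11 66.220.149.11"    # from the dig output
ALLOWED_SRC="${ALLOWED_SRC:-192.168.0.10 192.168.0.11}" # assumed clients

fb_block_rules() {
    # Own chain, flushed on every run, so the script is safe to re-apply.
    "$IPT" -N FB_BLOCK 2>/dev/null || "$IPT" -F FB_BLOCK
    for src in $ALLOWED_SRC; do
        "$IPT" -A FB_BLOCK -s "$src" -j RETURN         # exemptions first
    done
    for dst in $FB_ADDRS; do
        # Rate-limited log line for the admin, then a TCP reset so the
        # browser fails fast instead of hanging on a silent drop.
        "$IPT" -A FB_BLOCK -d "$dst" -p tcp --dport 443 \
            -m limit --limit 6/min -j LOG --log-prefix "FB-HTTPS-BLOCK: "
        "$IPT" -A FB_BLOCK -d "$dst" -p tcp --dport 443 \
            -j REJECT --reject-with tcp-reset
    done
    # Hook the chain at the top of FORWARD. Delete any old hook first;
    # iptables 1.4.10 has no -C, so -D/-I is the portable idempotent form.
    "$IPT" -D FORWARD -i "$LAN_IF" -j FB_BLOCK 2>/dev/null || true
    "$IPT" -I FORWARD 1 -i "$LAN_IF" -j FB_BLOCK
}

dns_pin_rules() {
    # Redirect every LAN DNS query (UDP and TCP) to the local bind.
    for proto in udp tcp; do
        "$IPT" -t nat -D PREROUTING -i "$LAN_IF" -p "$proto" --dport 53 \
            -j DNAT --to-destination "$GW:53" 2>/dev/null || true
        "$IPT" -t nat -A PREROUTING -i "$LAN_IF" -p "$proto" --dport 53 \
            -j DNAT --to-destination "$GW:53"
    done
}

# "sh block_fb.sh apply" installs the rules; anything else just prints them.
case "${1:-preview}" in
    apply) fb_block_rules; dns_pin_rules ;;
    *)     IPT=echo; fb_block_rules; dns_pin_rules ;;
esac
```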
Why not just remap facebook.com to 127.0.0.1 in the hosts file? That will block all access.
Thanks for your kind reply.
I tried it, and now https://www.facebook.com has also been blocked. But it is not enough to do this only in the server's /etc/hosts file; instead we have to do it in each user machine's /etc/hosts file. Only then does Facebook redirect to 127.0.0.1 on their PC. But since every user has superuser permission, they can easily remove the entry from the /etc/hosts file. So may I expect some iptables rules from you to block https://www.facebook.com?
Thanks coolsg5636,
I tried the iptables rules provided by you. https://www.facebook.com is still accessible, but when they log in, by default it redirects to http://www.facebook.com. Then they get a proxy error, but if they put an "s" after http with the same URL, it works again. So I think I have not completely blocked https://facebook.com if the users can access it using "s" whenever they get the error. So please see the IP addresses in my area that I already gave, and help me to block https://www.facebook.com with iptables rules.
Last edited by mandyapenguin; 12-17-2011 at 03:00 AM.
I found that "https://www.facebook.com" can be blocked only if we go through the browser proxy settings, even though the proxy is working in transparent mode. Since we are using transparent mode, the user can remove the browser settings and access https://www.facebook.com. So could you please guide me about iptables rules to enable mail client and FTP access for a non-transparent proxy? Then we can migrate to a non-transparent proxy only, since browser settings in each PC seem to be a more secure proxy setup. I will be waiting for your kind reply.
Last edited by mandyapenguin; 12-18-2011 at 05:10 AM.
If you use DNS poisoning (which is what other people suggested by adding a bad DNS entry for facebook.com), then you can simply set the DNS manually to Google Public DNS or to OpenDNS. That way the computers you want bypass the filtering altogether. The only (possible) drawback is that you don't get the advantages of caching from your local Squid.