11-24-2012, 11:22 PM   #1
IPTables or IPCop block Facebook Chat

I'm determined to block Facebook chat on my network.

I have IPCop 2x running as the main firewall, and in front of that another plain Linux box that's hooked to the modem.

I can't seem to find a way to do this.

I've blocked

acl bofh dstdomain **
acl bofh dstdomain **
acl bofh dstdomain **
acl bofh dstdomain *.channel**/false/p_*
acl bofh dstdomain
acl bofh dstdomain
acl bofh dstdomain /ajax/chat/
acl bofh dstdomain /ajax/chat/buddy_list.php
acl bofh dstdomain buddy_list.php
acl bofh dstdomain /presence/popout.php
acl bofh dstdomain /friends/ajax/edit_list.php
acl bofh dstdomain edit_list.php
acl bofh dstdomain chat.php
in Squid on the IPCop box, and even killed HTTPS to Facebook. I've also put all those URLs in Privoxy too. I've even blocked the *channel*.facebook IP address on the firewall attached to the modem.

Where am I going wrong? I don't want to completely kill Facebook, just the chat portion. I have no control over the machines themselves on the network.
11-25-2012, 12:20 PM   #2
Facebook chat is AJAX/Flash based and so runs within the browser, making it a bit tricky to block if you don't want to kill Facebook altogether (the better idea).

This might get you headed in the right direction: this is the signature for Facebook chat from a Juniper application firewall. (Note the multiple domains/paths/options/files referenced):

Signature NestedApplication:FACEBOOK-CHAT                                 
    Layer-7 Protocol: HTTP                                                
    Chain Order: Yes        
    Maximum Transactions: 1                   
    Order: 33313             
    Member(s): 2            
        Member 0                        
            Context: http-url-parsed       
            Pattern: /ajax/(chat/(typ|settings|buddy_list|send\d?|history)|presence/reconnect)\.php.*
            Direction: CTS                                   
        Member 1         
            Context: http-header-host      
            Pattern: (.*\.)?(facebook\.com|fbcdn\.net)                    
            Direction: CT
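
An added example, not part of the original posts and not Juniper's code: the two patterns from the signature above evaluated in Python over constructed requests, to show that a request counts as chat only when both the host and the parsed URL match, and that a proxy which sees only a CONNECT tunnel has no path to test. The function names, the sample requests and the choice to match each pattern against its whole context are assumptions.

```python
import re
from urllib.parse import urlsplit

# Patterns copied verbatim from the quoted signature (Member 0 and Member 1).
URL_PATTERN = re.compile(
    r"/ajax/(chat/(typ|settings|buddy_list|send\d?|history)|presence/reconnect)\.php.*")
HOST_PATTERN = re.compile(r"(.*\.)?(facebook\.com|fbcdn\.net)", re.IGNORECASE)


def classify(request_line, host_header):
    """Classify one proxied request the way the two-member signature would.

    Assumption: each pattern has to match its whole context (full match).
    """
    method, target, _version = request_line.split(" ", 2)
    host = host_header.split(":")[0]          # drop an optional :port
    host_ok = HOST_PATTERN.fullmatch(host) is not None
    if method.upper() == "CONNECT":
        # HTTPS via a forward proxy: only host:port is visible, never the
        # path, so Member 0 cannot be evaluated without TLS interception.
        return "opaque-tunnel" if host_ok else "unrelated"
    parts = urlsplit(target)
    url = parts.path + ("?" + parts.query if parts.query else "")
    # Both members must match for the request to count as chat traffic.
    if host_ok and URL_PATTERN.fullmatch(url):
        return "chat"
    return "facebook-other" if host_ok else "unrelated"


# Constructed sample requests (not captured traffic).
SAMPLES = [
    ("GET http://www.facebook.com/ajax/chat/buddy_list.php?x=1 HTTP/1.1", "www.facebook.com"),
    ("POST http://www.facebook.com/ajax/chat/send.php HTTP/1.1", "www.facebook.com"),
    ("GET http://www.facebook.com/ajax/presence/reconnect.php?x=1 HTTP/1.1", "www.facebook.com"),
    ("GET http://static.fbcdn.net/ajax/chat/history.php HTTP/1.1", "static.fbcdn.net"),
    ("GET http://www.facebook.com/profile.php HTTP/1.1", "www.facebook.com"),
    ("GET http://example.org/ajax/chat/buddy_list.php HTTP/1.1", "example.org"),
    ("CONNECT www.facebook.com:443 HTTP/1.1", "www.facebook.com:443"),
]


def run_samples():
    """Return the verdict for each constructed sample, in order."""
    return [classify(line, host) for line, host in SAMPLES]


if __name__ == "__main__":
    for (line, host), verdict in zip(SAMPLES, run_samples()):
        print(f"{verdict:15} {line}")
```

The last sample is the case that matters for a Squid or Privoxy box without TLS interception: the host matches, but the request is a tunnel, so path-based rules never see the chat URLs.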
11-26-2012, 09:40 AM   #3
The better way, if you can do it, is to block all of Facebook. The easiest way to do that is to block it using iptables.

You can get the full list of Facebook networks with "/usr/bin/whois -h '!gAS32934'"

