Blocking HTTPS Facebook using Squid and IPCop.
This is a personal note to myself for future reference. Three weeks off from work, and I found out the staff here were easily using Facebook at the office. I don't have to mention why I have blocked Facebook. You probably know the answer.
The hunt begins!
1: Run iptstate in single-run mode and filter for TCP connections on port 443. On IPCop:
root@firewall:~ # iptstate -1 | grep '443.*tcp' | more
2: Here is the result:
10.2.13.125:49420 219.93.37.x:443 tcp ESTABLISHED 119:58:59
10.2.13.125:49418 219.93.37.x:443 tcp ESTABLISHED 119:58:59
10.2.13.125:49419 219.93.37.x:443 tcp ESTABLISHED 119:58:59
10.2.13.125:49410 219.93.37.x:443 tcp ESTABLISHED 119:58:59
10.2.13.125:49408 219.93.37.x:443 tcp ESTABLISHED 119:58:59
10.2.13.125:49388 31.13.79.1:443 tcp ESTABLISHED 119:59:59
(Currently 10.2.13.125 is my laptop's local IP address on WiFi.)
3: Looking at the result, I wonder what "31.13.79.1:443" is. To find out, execute:
squid:/etc/squid# host 31.13.79.1
1.79.13.31.in-addr.arpa domain name pointer edge-star-ecmp-03-sin1.facebook.com
4: By looking at the rDNS, I know that 31.13.79.1 belongs to facebook.com. Now it's time to block the whole IP range.
31.13.64.0 - 31.13.127.255, netmask 255.255.192.0 (18 mask bits), maximum addresses "16382"
5: In the firewall rules, block 31.13.64.0/255.255.192.0 on the HTTPS port, which is 443.
6: I opened a browser, went to https://www.facebook.com and I see "The connection has timed out."
So to all my dear colleagues at office: I am smarter than you, as of today. You can keep messing with IT people like us, but the 'war' will never end!
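A way to check which of the port 443 destinations from step 2 the range in steps 4 and 5 actually covers, as an added example that is not part of the original note. It runs offline on two lines copied from the post plus one constructed line (192.0.2.10); the function names are hypothetical.

```python
import ipaddress
import re

# Sample input: two lines from step 2 (219.93.37.x is redacted on the page
# and kept that way) plus one constructed line using a documentation address.
SAMPLE = """\
10.2.13.125:49420 219.93.37.x:443 tcp ESTABLISHED 119:58:59
10.2.13.125:49388 31.13.79.1:443 tcp ESTABLISHED 119:59:59
10.2.13.125:49500 192.0.2.10:443 tcp ESTABLISHED 119:59:59
"""

# The range from steps 4 and 5, written as address/netmask like the rule.
BLOCKED = ipaddress.ip_network("31.13.64.0/255.255.192.0")

# source:port  destination:port  protocol  state
LINE = re.compile(r"^(\S+):(\d+)\s+(\S+):(\d+)\s+(\w+)\s+(\S+)")

def https_destinations(text):
    """Return (source, destination) pairs for TCP flows to port 443."""
    flows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # header or malformed line
        src, _sport, dst, dport, proto, _state = m.groups()
        if proto.lower() == "tcp" and dport == "443":
            flows.append((src, dst))
    return flows

def covered(dst, network=BLOCKED):
    """True/False when dst is a valid IP; None when it cannot be parsed."""
    try:
        return ipaddress.ip_address(dst) in network
    except ValueError:
        return None  # e.g. a redacted address such as 219.93.37.x

def audit(text):
    """Map each distinct destination to whether the block rule covers it."""
    return {dst: covered(dst) for _src, dst in https_destinations(text)}

if __name__ == "__main__":
    # /18 holds 16384 addresses in total; 16382 when the network and
    # broadcast addresses are excluded.
    print(BLOCKED.with_prefixlen, BLOCKED[0], "-", BLOCKED[-1],
          BLOCKED.num_addresses, "addresses")
    labels = {True: "covered", False: "NOT covered", None: "unparseable"}
    for dst, hit in audit(SAMPLE).items():
        print(dst, labels[hit])
```

Destinations reported as not covered or unparseable are the ones to look up before deciding whether the rule needs another range.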