not able to block facebook.com using ipblock list

[tekbahadur1]

when i add the domain name in ipblock list.
it should automatically detect all the ip addresses assigned for same domain name but it is failing to do this.
plz help me to block social networking sites.
I am using firewall ver3.0

[kronckew]

the ip blocklist looks up the current IP of facebook at the time you click the button. facebook uses a fair number of IP's, so the next time your pc goes there it will likely be a different IP.

anyhow, have a look at this thread where we discuss the facebook howto. there are a number of options...

[tekbahadur1]

can't we have the keyword web blocking back in firewall?
as it was available and quite reliable in firewall version 2.0...

[kronckew]

keyword blocking for ads is still available as in earlier versions, it will prevent anything from displaying, ie. *.facebook.* should stop anything from facebook from showing, but it will not stop the site connection like the blocklist.


it also will not stop ads or frames that have a non-facebook url. see the list in the improvenet tab as per attached for examples. for facebook you'd also need to block their other domains like fbcdn.net, it also may not block gzipped or secure encrypted sites.

for facebook, the simplest solution is to add the following three lines to the file called HOSTS (note that there is no extension) in windows\system32\drivers\etc:

127.0.0.1 www.facebook.com
127.0.0.1 facebook.com
127.0.0.1 fbcdn.net

[tekbahadur1]

great!!!
but everyone knows about hosts file and anyone can revert the hosts file to access the blocked url.
ok if we modify the hosts file but what to do with the bypass proxy sites like www.bypassthat.com which makes our effort useless??????????

[kronckew]

sigh

i gather we're trying to keep a persistant juvenile from facebook, etc. if they're that smart, it gets difficult. if the pc's user is smart and tries hard enough, it's difficult to keep them away from their addiction. per your last, you also need to block any known proxys.

you could tie down the pc from access to the system folders with the policy editor, so only the admin account has access, and ensure they can't get in the admin account. while you are at it, set it so they do not see any of the networking related settings, so they can't change dns settings.

then you could set up an account at opendns, password protect the account with a strong password sequence, then set the opendns server addresses in the router, set networking to point to the router as the dns server. use the opendns account to block porn, instant messaging, proxys and social networks, etc. and let them worry about the IP's. make sure you again use a strong password on the router so they can't change it. if they can get thru that, you are in deep doo-doo.

some routers (like my netgear) allow you to block domains at the hardware level, and have keyword blocking. if router access is secure that can help, again you'd also need to block any proxy sites, etc. they could alsways set the router back to factory defaults, reconnect and thus bypass it, if y'all connect via wifi instead of cabling, they'd need to set up the wap security with the same passwords/keys as before or you'd know when you couldn't connect yourself. you also need to make sure they can't connect to a neighbours insecure wap.

all in all a never ending battle. OP is just one layer in the defence onion.

dropping the pc from the top of a tall building , hitting it repeatedly with a 10 lb. sledge hammer, or a few hits from a 12 ga. will also keep them from facebooking i do not recommend a similar strategy with the offending user as the police tend to frown on that.

one major advantage of having two dogs that live with me in lieu of children is that their fingers do not fit the keyboard and they have no thumbs. and if they disobey, get loose, and get pregnant you can sell the offspring. they also need me, i'm the only one that can work the can opener.

[Escalader]

Quote:

Originally Posted by tekbahadur1

can't we have the keyword web blocking back in firewall?
as it was available and quite reliable in firewall version 2.0...

Just a thought for you, you can put keyword web blocking in Nod32 V4 using their address management feature. Here is an example I use for China.

*.cn.