Wednesday, September 12, 2012

Block facebook on a proxied internet with iptables

Those who access internet by setting a proxy(insti proxy!!) in their browsers and want to block facebook on their computers can issue the following command as root on their linux box

iptables -I OUTPUT -m string --algo bm --string "facebook.com" -j DROP

I can't control myself from opening Facebook every now and then, when working in lab, just to see what's going on. Facebook is my biggest distraction. Hope this move will help me to concentrate on work.
By the way, iptables doesn't persist the firewall rules across restarts. So I have appended the above command to my /etc/profile file so I don't have to manually type the above command when I fresh boot my computer.
By the way the above command will block all packets that match the string facebook.com, so if you try to search for facebook.com in Google, you won't be able to see the results page, as the search query will never reach Google.

And yeah, if you want to unblock facebook, check the rule number by issuing
iptables -L OUTPUT
And see the line number. If the rule you created is on 1st line then line number is 1. Now issue the following command:
iptables -D OUTPUT 1



3 comments:

Martin C. said...

Mmm, nice hack, I already have FB blocked in my /etc/hosts file but this method shows to be more flexible.

Now I can block an entire subnet from accessing FB and sit back and enjoy watching them entering panic, hehe.

Prabhakar Kumar said...

The hosts file trick doesn't work for me because I am behind a proxy server, and it is the proxy server which does the name resolution.

Juli GS said...

buycheapfacebooklikesI was very pleased to find this site. I wanted to thank you for this great read!! I definitely enjoyed every little bit of it