Block Facebook on a Cisco router.

 

Blocking Facebook has become quite a thing to do lately. With Facebook being so popular alot of companies want the whole website blocked. There are many ways of doing it with cisco. I found this to be quite stable and works 100%. This is also not very resource intensive. This will work on any cisco router that can do ACL’s. I’m using it on a cisco 837, cisco 877 and a cisco 1941.
This is what you have to do:

 

Create an access-list t0 deny all Facebook ip addresses on the cisco router.

I like using named access-lists.

Router>enable

Router#configure terminal

router(config)#ip access-list extended Block_FaceBook

router(config-ext-nacl)#

deny   ip 192.168.13.0 0.0.0.255 host 173.252.100.16
deny   ip 192.168.13.0 0.0.0.255 173.252.64.0 0.0.63.255
deny   ip 192.168.13.0 0.0.0.255 31.13.24.0 0.0.7.255
deny   ip 192.168.13.0 0.0.0.255 31.13.64.0 0.0.63.255
eny   ip 192.168.13.0 0.0.0.255 66.220.144.0 0.0.15.255
deny   ip 192.168.13.0 0.0.0.255 69.63.176.0 0.0.15.255
deny   ip 192.168.13.0 0.0.0.255 69.171.224.0 0.0.31.255
deny   ip 192.168.13.0 0.0.0.255 74.119.76.0 0.0.3.255
deny   ip 192.168.13.0 0.0.0.255 103.4.96.0 0.0.3.255
deny   ip 192.168.13.0 0.0.0.255 204.15.20.0 0.0.3.255
permit ip 192.168.1.0 0.0.0.255 any
permit ip any any

Add the newly created “BlockFacebook” access list to an interface on your local LAN.

router(config)#interface fasethernet 0/1
router(config-if)#ip access-group Block_FaceBook in

 

So the process is simple.

Create an ACL with all the facebook ip addresses to block.
Add that access list to the interface on your local network.

For reference, the ip address list for facebook is:
31.13.24.0/21
31.13.64.0/18
66.220.144.0/20
69.63.176.0/20
69.171.224.0/19
74.119.76.0/22
103.4.96.0/22
173.252.64.0/18
204.15.20.0/22

2401:db00::/32
2620:0:1c00::/40
2a03:2880::/32

One comment on “Block Facebook on a Cisco router.

  1. i tried it and it works for seconds :/
    i guess the reason for such a thing is that there is a new IP addresses for facebook , so the router keep searching for these IPs ,so if you could provide us with these IPs i’ll be thankful :D

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>