|
|||
To block Facebook with PF
Hello, daemonforums!
I am using OpenBSD 6.7 on my desktop computer. I would like to block all facebook and it's button on other websites. I have been recommended to add these lines in my hosts file. Code:
#Facebook Block 127.0.0.1 www.facebook.com 127.0.0.1 facebook.com 127.0.0.1 login.facebook.com 127.0.0.1 www.login.facebook.com 127.0.0.1 fbcdn.net 127.0.0.1 www.fbcdn.net 127.0.0.1 fbcdn.com 127.0.0.1 www.fbcdn.com 127.0.0.1 static.ak.fbcdn.net 127.0.0.1 static.ak.connect.facebook.com 127.0.0.1 connect.facebook.net 127.0.0.1 www.connect.facebook.net 127.0.0.1 apps.facebook.com 127.0.0.1 api.ak.facebook.com 127.0.0.1 api.connect.facebook.com 127.0.0.1 api.facebook.com 127.0.0.1 apps.facebook.com 127.0.0.1 ar-ar.facebook.com 127.0.0.1 badge.facebook.com 127.0.0.1 blog.facebook.com 127.0.0.1 connect.facebook.net 127.0.0.1 de-de.facebook.com 127.0.0.1 developers.facebook.com 127.0.0.1 es-la.facebook.com 127.0.0.1 external.ak.fbcdn.net 127.0.0.1 facebook.de 127.0.0.1 facebook.fr 127.0.0.1 fb.me 127.0.0.1 fbcdn.net 127.0.0.1 fr-fr.facebook.com 127.0.0.1 hi-in.facebook.com 127.0.0.1 it-it.facebook.com 127.0.0.1 ja-jp.facebook.com 127.0.0.1 login.facebook.com 127.0.0.1 profile.ak.fbcdn.net 127.0.0.1 pt-br.facebook.com 127.0.0.1 ssl.connect.facebook.com 127.0.0.1 www.facebook.de 127.0.0.1 www.facebook.fr 127.0.0.1 zh-cn.facebook.com Can you help me with which PF rules I should use? Thank you! |
|
|||
@sabrina: If you want to block it in web browser then ublock is the addon for your browser who has this feature. And it has a social media blocking list. You could use that.
|
|
|||
Another solution on OpenBSD is using Unbind and few lists to block "bad" trafic.
as Geoghegan's project pf-badhost and unbind-adblock. See: - https://www.geoghegan.ca/pfbadhost.html - https://www.geoghegan.ca/unbound-adblock.html With unbound, it's easy to add blocklist, yours or others recognized!
__________________
GPG:Fingerprint ed25519 : 072A 4DA2 8AFD 868D 74CF 9EA2 B85E 9ADA C377 5E8E GPG:Fingerprint rsa4096 : 4E0D 4AF7 77F5 0FAE A35D 5B62 D0FF 7361 59BF 1733 |
|
|||
There is GoodbyeBigFive script for PF MacOS which must be ok for OpenBSD too.
Maybe this too is useful: https://vermaden.wordpress.com/2020/...dns-blacklist/ Last edited by zippy99; 18th November 2020 at 05:35 PM. |
|
||||
Quote:
The technique this uses is to query Merit's routing registry database (RADb) by the ASN (Autonomous System Number) and populate the blocklists accordingly with the returned CIDR groups. An example using this approach was posted to misc@ back in 2013. I'm surprised this isn't more popular nowadays. Here are two query strings for Facebook that show how it works, AS33934 is Facebook's ASN: output all CIDR groups on one line: Code:
whois -h whois.radb.net '!gas32934' | grep '/' Code:
whois -h whois.radb.net -- '-i origin AS32934' | awk '/route:/ {print $2}' https://www.radb.net/support/tutoria...ons-flags.html And here are two pairs of quick'n'dirty two-liners, based on the query string examples above, that generate <tables> which can be used directly with pf: Facebook's IPv4 CIDRs: Code:
print -n "table <facebook> { " > table.facebook.com whois -h whois.radb.net '!gAS32934' | grep '/' | sed -e s/" "/", "/g | awk 1 ORS=' }' >> table.facebook.com Code:
print -n "table <facebook> { " > table.v6.facebook.com whois -h whois.radb.net '!6as32934' | grep '/' | sed -e s/" "/", "/g | awk 1 ORS=' }' >> table.v6.facebook.com Code:
print -n "table <facebook> { " > table.facebook.com print -n $(whois -h whois.radb.net -- '-i origin AS32934' | awk '/route:/ {print $2}') | sed -e s/" "/", "/g | awk 1 ORS=' }' >> table.facebook.com Code:
print -n "table <facebook> { " > table.v6.facebook.com print -n $(whois -h whois.radb.net -- '-i origin AS32934' | awk '/route6:/ {print $2}') | sed -e s/" "/", "/g | awk 1 ORS=' }' >> table.v6.facebook.com You should probably rerun the queries from time to time as the output can obviously change. While not a silver bullet this technique is pretty neat. It can and should be combined, though, with the DNS-based blocking approach as well as the adblocker lists in the browser. To some this may seem over the top, but if you'd really like to practise social distancing from Facebook this is but a tiny start. Most people are completely unaware how deep Facebook's reach goes nowadays. The following info is from a piece by Wolfie Christl originally published in 2015 in the German FAZ newspaper. (Sidenote about the url in the previous paragraph: it is not without irony that a website about privacy and with the domain name donottrack-doc.com employs the services of google analytics. This truly warrants a tactical facepalm, courtesy of theregister.co.uk: ) That Facebook keeps so-called 'shadow profiles' of people that don't have a Facebook account is probably known by now. There's not much you can do about it other than ask, beg, threaten or blackmail your friends and relations not to include your contact data when uploading their address books to Facebook. Facebook also cooperates with companies like Acxiom, Epsilon, Datalogix or Bluekai. Most people will have never heard of these companies, yet they may probably already know something about you. They are so-called data brokers. For example, Axciom woks with consumer data looking after customer databases of about 15.000 companies with dossiers on individual consumers of up to 3000 individual data points of about 700 million people. This includes things like income, health-related interests or voting behaviour. While Datalogix has access to shopping data with a total volume of two trillion dollars. (Note: the German text says Billion which in American English equals trillion. Unless the original data was wrongly translated into German then this indeed refers to trillion and not billion) This is where it gets interesting. According to the linked article officially the datasets these companies exchange with Facebook and vice versa are anonymized. E-mail addresses, phone numbers and names are represented by a hash, but allegedly the hash is created on all sides by the same algorithm so that the hash data can be matched combining profile data between Facebook and the other companies and effectively circumventing the anonymization. Then there's Atlas a company Facebook bought two years earlier in 2013 from Microsoft. According to the article somewhere in Facebook's TOS it is stated that Atlas has full access to all data of it's 1.4 billion user base (plus all the shadow profiles Facebook maintains, obviously.) The point of Atlas is to reportedly enable user tracking when people are not logged in to Facebook, be it through the traditional cookie, or machine ids from smartphones, smart tvs, automobile satnavs or fitness bracelets. That was in 2015. Fast forward to 2020. On September 18th a blogpost appeared focussing on Facebook's newly announced Project Aria dubbed 'Google maps for your entire life'. I'll leave you with two money quotes: Quote:
Quote:
|
Tags |
block facebook pf |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
facebook network issue | damageG | OpenBSD Security | 18 | 13th May 2020 09:53 PM |
What Facebook Knows About You | e1-531g | News | 6 | 3rd January 2017 12:10 AM |
NSA Joke: US Military Intervene over Facebook Event | J65nko | News | 0 | 17th July 2013 08:45 PM |
Facebook, the new phishing target | J65nko | News | 3 | 16th May 2010 04:14 PM |
Facebook's PHP compiler | J65nko | News | 9 | 5th February 2010 02:09 PM |