Facebook currently has 2 IP networks:

1. 66.220.144.0/20
2. 69.63.176.0/20

Steps for a Firewall block of Facebook (as opposed to MECguard):

Step 1: Create two "Closed Port" rules with the following settings:

Rule 1:
Description: Facebook
Rule Chain: FORWARD
Source Type: Firewall Group
Source Group: LAN (or whatever group you want blocked)
Destination Type: IP/Hostname
Destination IP/Hostname: 66.220.144.0/20
Protocol: TCP
Closed Ports: 80,443

Rule 2:
Description: Facebook
Rule Chain: FORWARD
Source Type: Firewall Group
Source Group: LAN (or whatever group you want blocked)
Destination Type: IP/Hostname
Destination IP/Hostname: 69.63.176.0/20
Protocol: TCP
Closed Ports: 80,443

On Fri, Apr 8, 2011 at 11:14 AM, Eric R. Warren <[log in to unmask]> wrote:
> That's a useful trick! Would you mind sharing those Facebook-blocking
> settings with us?
>
> Eric
> MSAD 45
>
> -----Original Message-----
> From: Joebox User [mailto:[log in to unmask]] On Behalf Of Ray Soucy
> Sent: Friday, April 08, 2011 11:08 AM
> To: [log in to unmask]
> Subject: Re: Joebox Updates
>
> Linda,
>
> If you were using the old "MECguard SSL" it would no longer be active
> after the upgrade (to my knowledge only a handful of people were
> trying to use it because of all the browser errors it would generate).
>
> The "Force MECguard SSL" option will block SSL requests unless made
> using a proxy server, but requires that browsers know about the proxy
> server (as described in the MECguard notes I posted a few days ago).
>
> Other than that, it shouldn't have changed.
>
> I've created two "Closed Port" rules in your Firewall that will block
> web access to the Facebook IP networks, but left them disabled. You
> can enable these rules and restart your firewall if you want to start
> blocking access to Facebook over HTTPS.
>
> I've noticed that you only have one Group for MECguard. If you block
> Facebook using the Firewall you might want to create a "Teachers"
> group with the IP addresses of teacher PCs so you can create a rule to
> not block Facebook for those users.
>
> Because you're running a "LOW" Firewall policy, you'll need to apply
> the 12.1 software update before Open Port rules to do this will work,
> the Software Update can be run at any time.
>
> Feel free to give support a call if you'd like us to do any of this
> for you: 1-888-367-6756
>
> Sorry about any disruption... The upgrade was a major change and
> required a manual process to apply. Future updates will be provided
> through the Software Update tool and be left up to you to apply.
>
> On Fri, Apr 8, 2011 at 9:38 AM, Linda Chaisson <[log in to unmask]>
> wrote:
>> Ray:
>> Previously our students couldn’t get to facebook by adding the s to
>> http and now they can. Was anything changed?
>> Thanks,
>> Linda
>>
>>
>>
>> On 4/6/11 1:24 PM, "Ray Soucy" <[log in to unmask]> wrote:
>>
>> We realize that for many of you it seems like you just upgraded, but
>> some of you have been running the code for over a month and have found
>> a bug or two. We have a minor update available.
>>
>> Feel free to apply this update using the "Software Update" tool on the
>> Joebox at your convenience. This is a non-critical update and can be
>> applied at any time.
>>
>> As always, if you need help running the Software Update utility, or
>> encounter any problems, please give us a call: 1-888-367-6756
>>
>> New packages are labeled 12.1.
>>
>> Change Log:
>>
>> 1. A "Reinitialize Firewall" button has been added to the Firewall
>> options page. This button does a forced restart of the Firewall
>> service (all rules are flushed and re-added) to recover from the
>> Firewall Engine becoming out of sync. If you run into a situation
>> where using this button is the only way to "fix" your Joebox please
>> contact us so we can take a look at your configuration and track down
>> the invalid rule that is causing problems.
>>
>> 2. Port Forward rules with protocol "IP" weren't ignoring port fields
>> (causing invalid rules). This is now fixed.
>>
>> 3. Open Port rules were not being applied when a Firewall policy level
>> of LOW was in use. They should now be applied correctly.
>>
>> 4. In isolated circumstances, some traffic making use of TCP window
>> scaling was being marked as INVALID by connection state tracking and
>> being dropped by the Firewall. This was found to be affecting less
>> than 1% of traffic. This should now be fixed, as TCP window size is
>> no longer used to determine packet validity.
>>
>> 5. Minor update to SNMP to facilitate changes in Joebox monitoring by
>> Networkmaine.
>>
>> 6. Minor UI update to fix changing of static route to be applied without
>> reboot.
>>
>> 7. Minor UI update to allow DHCP service to be disabled if in a failed
>> status (e.g. enabled without a valid configuration), mostly to get rid
>> of the "red" status indicator for sites not using DHCP on the Joebox.
>>
>> Linda Chaisson
>> Technology Coordinator
>> Regional School Unit 16
>> C/O PRHS - 1457 Maine Street
>> Poland, ME 04274
>> 207-998-5400 Ext 103
>> [log in to unmask]
>>
>>
>
>
>
> --
> Ray Soucy
>
> Epic Communications Specialist
>
> Phone: +1 (207) 561-3526
>
> Networkmaine, a Unit of the University of Maine System
> http://www.networkmaine.net/
>

--
Ray Soucy

Epic Communications Specialist

Phone: +1 (207) 561-3526

Networkmaine, a Unit of the University of Maine System
http://www.networkmaine.net/
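
The two "Closed Port" rules from the top message, modelled as a small flow checker to confirm what the block does and does not cover. This is an added example, not part of the original thread or the Joebox software; the LAN range, the teacher addresses and the assumption that the Teachers exemption is evaluated before the block rules are all constructed for illustration.

```python
import ipaddress

# Networks and ports taken from the two Closed Port rules in the message.
BLOCKED_NETS = [ipaddress.ip_network(n)
                for n in ("66.220.144.0/20", "69.63.176.0/20")]
CLOSED_PORTS = {80, 443}

# Constructed sample groups (assumptions, not values from the thread).
LAN = ipaddress.ip_network("10.0.0.0/24")
TEACHERS = {ipaddress.ip_address("10.0.0.10"),
            ipaddress.ip_address("10.0.0.11")}


def verdict(src, dst, proto, dport):
    """Return 'DROP' or 'ACCEPT' for a forwarded flow.

    Assumed ordering: the Teachers exemption is matched first, then the
    two Closed Port rules (TCP 80/443 from the LAN group to either network).
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src in TEACHERS:
        return "ACCEPT"
    if (src in LAN and proto == "tcp" and dport in CLOSED_PORTS
            and any(dst in net for net in BLOCKED_NETS)):
        return "DROP"
    return "ACCEPT"


def covered_range(net):
    """First and last address a /20 rule actually matches."""
    return str(net[0]), str(net[-1])


if __name__ == "__main__":
    for net in BLOCKED_NETS:
        print(net, "covers", covered_range(net))
    # Constructed sample flows: (source, destination, protocol, port).
    samples = [
        ("10.0.0.50", "66.220.144.5", "tcp", 443),   # student, HTTPS
        ("10.0.0.10", "66.220.144.5", "tcp", 443),   # teacher, exempt
        ("10.0.0.50", "66.220.160.1", "tcp", 443),   # just outside the /20
    ]
    for flow in samples:
        print(flow, "->", verdict(*flow))
```

Printing the covered ranges makes it easy to compare the rules against the address space the service currently announces, since the block only holds for destinations inside these two networks.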