Blocklist of all Facebook domains

Not the way I&#x27;d do it, since you can easily miss on some new domain that belongs to facebook (or perhaps some server that does not look like it belongs to facebook in the first place, but it is sitting in their assigned subnets).<p>If you really want to block all traffic from&#x2F;to facebook, lookup the IP prefixes associated with their AS number(AS32934), and setup your firewall to block those. If you are using PF, tables are your friend. With netfilter, consider using ipset.

It&#x27;s inefficient to specify a large number of hosts in the facebook.com domain instead of blocking the whole domain.<p>For this, you can run dnsmasq and use the &quot;--address&quot; option or &quot;address&quot; command in dnsmasq.conf:<p><pre><code> $ man dnsmasq [...] -A, --address=&#x2F;&lt;domain&gt;&#x2F;[domain&#x2F;]&lt;ipaddr&gt; Specify an IP address to return for any host in the given domains. Queries in the domains are never forwarded and always replied to with the specified IP address which may be IPv4 or IPv6. To give both IPv4 and IPv6 addresses for a domain, use repeated -A flags. Note that &#x2F;etc&#x2F;hosts and DHCP leases over‐ ride this for individual names. A common use of this is to redi‐ rect the entire doubleclick.net domain to some friendly local web server to avoid banner ads. The domain specification works in the same was as for --server, with the additional facility that &#x2F;#&#x2F; matches any domain. Thus --address=&#x2F;#&#x2F;1.2.3.4 will always return 1.2.3.4 for any query not answered from &#x2F;etc&#x2F;hosts or DHCP and not sent to an upstream nameserver by a more spe‐ cific --server directive.</code></pre>

Alternatively you can use Adblock to block it.<p><a href="https:&#x2F;&#x2F;secure.fanboy.co.nz&#x2F;fanboy-antifacebook.txt" rel="nofollow">https:&#x2F;&#x2F;secure.fanboy.co.nz&#x2F;fanboy-antifacebook.txt</a><p>Disclaimer, list Author.

If you&#x27;re blocking Instagram, shouldn&#x27;t you be blocking the Oculus Rift site (and any subdomains) too?

No need do this, come to China prepared everything for you like this.

This does just the same: <i>.facebook.com </i>.facebook.com <i>.fbcdn.com </i>.fbcdn.net <i>.facebook.com.edgekey.net </i>.facebook.com.edgesuite.net <i>.instagram.com </i>.instagramstatic-a.akamaihd.net <i>.instagramstatic-a.akamaihd.net.edgesuite.net </i>.cdninstagram.com <i>.tfbnw.net </i>.whatsapp.com <i>.fbsbx.com facebook-web-clients.appspot.com </i>.fb.me fbcdn-profile-a.akamaihd.net h-ct-m-fbx.fbsbx.com.online-metrix.net ac-h-ct-m-fbx.fbsbx.com.online-metrix.net

I&#x27;ve been blocking facebook for years (nowhere near as comprehensive as this list though).<p>Many of the most unfortunate problems with these sites are social in nature rather than technical. For example, no matter how much I plead with people not to, they keep uploading information about me to these type of sites, including photographs with timestamps and GPS location metadata, which they then &quot;tag&quot; my face as being me.<p>I don&#x27;t have any idea how much of this information is even out there, since these sites require signing up in order to find out. Maybe I should look into my rights under data protection legislation...

Would wildcard support in hosts files be too heavy for the performance needed? Most of these are subdomains that *.facebook.com would have blocked.

I can understand the multiplication of sub domains, to be able to use multiple connections. But what&#x27;s the rationale for the multiplication of domain names? Ad blocker avoidance?

I just want to say &quot;Privacy matters, thanks you&quot; (even more when FB decided to leverage their like&#x2F;share button for a global ad netwotk) :-) non tech saavy guys may love a simple .sh &#x2F; .bat to automatically add those entries to the &#x2F;etc&#x2F;hosts on windows &amp; unix

I&#x27;m sorry, I&#x27;ve been away for a couple of hours... What happened ?<p>Why should I (we) block all facebook domains ?

Will there be a point where the government will step in or is all of this tracking within fair use of non-logged in Facebook users visiting a website?

Should you not also include `::` IPv6 entries?

With the help of a couple of prefix aggregation tools [1] [2], the BASH shell, and the RIPE database, it is straightforward to block any Autonomous System with, e.g:<p><pre><code> $ ASN=32934; for IP in 4 6; do \ whois -h riswhois.ripe.net \!${IP&#x2F;4&#x2F;g}as${ASN} |\ sed -n &#x27;2 p&#x27; | tr \ \\n | aggregate${IP&#x2F;4&#x2F;} |\ while read NET; do echo ip${IP&#x2F;4&#x2F;}tables -I OUTPUT -d ${NET} -j REJECT;\ done; done </code></pre> (note this command uses <i>echo</i> to show the command it could execute)<p>[1] aggregate <a href="http:&#x2F;&#x2F;packages.ubuntu.com&#x2F;source&#x2F;xenial&#x2F;aggregate" rel="nofollow">http:&#x2F;&#x2F;packages.ubuntu.com&#x2F;source&#x2F;xenial&#x2F;aggregate</a><p>[2] aggregate6 <a href="https:&#x2F;&#x2F;github.com&#x2F;job&#x2F;aggregate6" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;job&#x2F;aggregate6</a>

I&#x27;m wondering ... what&#x27;s the best approach to automatically collect all domains of a company?

Oh wow, I didn&#x27;t know it were that many, I had like 20 in my hosts file. Thanks!

Aside from being easier to automate, getting IP&#x27;s via the ASN lookup is also better for blocking HTTPS requests when you are MITM, since the HTTPS request will only contain the IP and not the FQDN.<p>Also, many firewalls do a 1-time DNS lookup of a given FQDN to resolve a single IP address when a FQDN based rule is created. This doesn&#x27;t work well if you have an FQDN that can resolve to many different IP&#x27;s, which is typical for cloud services.

Isn&#x27;t Ghostery a better solution for something like this? If we are talking about browsers that is.

Slightly off topic: It would be nice to have some kind of extension for Chrome that blocks all Time-Wasting websites with one click. Has anyone seen something like that?

Did you add the Facebook Tor Onion address?<p>facebookcorewwwi.onion<p>Might as well make it a complete block. Make sure those creative types don&#x27;t find that last alternate path to FB.

This list is missing the very obvious messenger.com

It is faintly terrifying just how long the list is.

Do you how to apply this just for my user on OS X? My partner is heavy FB user and I don&#x27;t want to block her...

Im going to start trying this out. Awesome. Also as marios said block AS32934&#x27;s networks.

Any idea of an easy&#x2F;quick way to toggle these edits on&#x2F;off on Ubuntu?

&gt;On Windows 7, the default AV security scan will try to remove the # facebook.com entry<p>Wat?

So awesome. Facebook: Server not found

IMHO the only way to block things efficiently is via a proxy these days, IP&#x2F;domain-based blocking are not reliable or efficient.

Thank you! Now I can censor, too

Honest question because I seriously don&#x27;t know: Is facebook really worse than google when it comes to privacy?<p>I kind of wonder who exactly are the people telling everyone to block facebook everywhere while everyone seems to collectively ignore google.<p>Google and facebook seem to both purposely ignore the known implications of their data collection programs. They likely have handed over data to the NSA, and we know they sell the data.

This is awesome. Facebook needs to go to the graveyard with friendster, myspace and AOL.

dramatic and useless.

I would actually do it for Google. But, we all know we have became to dependent on them.

Who really cares?