Rules

Started by matrix73, April 10, 2020, 03:49:56 PM

I made a rule with an alias for the hosts facebook.com and de-de.facebook.com
LAN reject
source Lan Net
destination Alias

It worked for a while,

then came update 20.1.4 and the rule does not work. Also, other self-made rules did not work.

Is that so? After an update, something always does not work.

This one works with pfSense, also after a reboot; with OPNsense it does not work.

I can confirm that your example doesn't work.
As I never blocked FB before, I cannot confirm that this should work as you expect.

It seems to have problems with DNS round robin, as the same technique works with 'normal' Internet sites that only have one IP per DNS record.

April 12, 2020, 05:41:45 PM #3 Last Edit: April 12, 2020, 05:43:52 PM by Jonny
When I go to facebook.com, it redirects me to www.facebook.com

When I do a DNS lookup directly against Cloudflare or Google, using "dig www.facebook.com @8.8.8.8", it doesn't return all IPs; it only returns one, then it changes a few seconds later when I request again. I don't think it's an issue with OPNsense really. When websites are behind CDNs, blocking them using an alias for the domain becomes tricky.

If you really want to block Facebook, go to the URL below to get the IP ranges for Facebook, then create an alias for Facebook subnets based on the results.

https://developers.facebook.com/docs/sharing/webmasters/crawler


If you wanted to automate the process, maybe use this project to host an API that you can use with the OPNsense URL host list alias type. https://github.com/ddimick/asn-to-ip
Adventuring through internet pipes
My Blog

Just use http://asn.blawk.net/32934 as a URL alias to block the Facebook ASN.
Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR
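
An added example (not code from any poster in this thread) that models the behaviour discussed above: a hostname alias holds only the address the firewall resolved last, while the client receives a different round-robin answer, whereas a network alias built from the service's prefixes matches every answer. All prefixes and addresses are constructed from RFC 5737 documentation ranges, and the function names and the one-answer-per-query rotation are assumptions.

```python
import ipaddress
from itertools import cycle

# Constructed sample data (RFC 5737 documentation ranges), not real Facebook addresses.
SERVICE_PREFIXES = ["192.0.2.0/25", "192.0.2.128/25", "198.51.100.0/24"]
# Assumed round-robin rotation: the resolver hands out one address per query.
ROTATION = ["192.0.2.10", "192.0.2.200", "198.51.100.7", "198.51.100.99"]

def host_alias_table(answers):
    """Hostname alias: only the addresses returned at the last refresh."""
    return {ipaddress.ip_address(a) for a in answers}

def network_alias_table(prefixes):
    """Network alias: the service's prefixes, collapsed into minimal CIDR blocks."""
    nets = (ipaddress.ip_network(p) for p in prefixes)
    return list(ipaddress.collapse_addresses(nets))

def blocked_by_host_alias(table, dst):
    return ipaddress.ip_address(dst) in table

def blocked_by_network_alias(table, dst):
    addr = ipaddress.ip_address(dst)
    return any(addr in net for net in table)

def simulate(rounds=8):
    """Each round the firewall refreshes the hostname alias, then a client
    resolves the same name and gets the next address in the rotation.
    Returns (connections missed by host alias, missed by network alias)."""
    answers = cycle(ROTATION)
    nets = network_alias_table(SERVICE_PREFIXES)
    host_missed = net_missed = 0
    for _ in range(rounds):
        firewall_answer = next(answers)  # what the alias refresh saw
        client_answer = next(answers)    # what the client connects to
        if not blocked_by_host_alias(host_alias_table([firewall_answer]), client_answer):
            host_missed += 1
        if not blocked_by_network_alias(nets, client_answer):
            net_missed += 1
    return host_missed, net_missed

if __name__ == "__main__":
    print("collapsed network alias:", [str(n) for n in network_alias_table(SERVICE_PREFIXES)])
    print("missed (host alias, network alias):", simulate())
```
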