How to block all of a company's IP addresses (e.g. Facebook)

#12 How to block a whole company behind a website?

The process is: take the company's website name from the browser address bar, then use ping or a similar network tool to get the IP address of the website. From the IP address, we get the autonomous system number with a RaDB query. Then we use this AS number to get a list of IP addresses and build an ipset. Finally, we use this ipset in an iptables rule to block the whole company.

First, you will need to find the provider's autonomous system number (AS number).

Autonomous System (AS) is a group of one or more IP prefixes (lists of IP addresses accessible on a network) run by one or more network operators that maintain a single, clearly-defined routing policy. Network operators need Autonomous System Numbers (ASNs) to control routing within their networks and to exchange routing information with other Internet Service Providers (ISPs).

Go to the RaDB (Routing Assets Database) whois-like interface at https://www.radb.net/query?advanced_query=1&keywords=149.154.167.99&-T+option=&ip_lookup=1&ip_option=&-i+option=

https://www.radb.net/query

Go to the website you want to block and copy its base URL, such as https://www.facebook.com/

Open a terminal window and get the IP address of the site.

ping facebook.com

You will see an IP address such as 149.154.167.99.

Use the IP address in the advanced query. The result looks like this:

route:          149.154.160.0/20
descr:          Telegram Messenger LLP
origin:         AS62041
mnt-by:         MNT-TELEGRAM
created:        2014-03-21T05:14:59Z
last-modified:  2014-03-21T05:14:59Z
source:         RIPE

We need the origin: line. AS62041 is the AS number (autonomous system number).

Install the packages we need (iptables, etc.):

sudo apt install ipset iptables netfilter-persistent ipset-persistent iptables-persistent

Create an ipset

$ sudo ipset create fbblock nethash

Test the whois query

whois -h whois.radb.net '!gAS62041'

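Add all prefixes from the AS number to the fbblock ipset (AS32934 is Facebook's AS number):

# sudo cannot run the shell keyword "for", so sudo goes on the ipset command instead
for ip in $(whois -h whois.radb.net '!gAS32934' | grep /); do sudo ipset add fbblock "$ip"; done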
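
The loop above trusts whatever `grep /` matches. As an added example, not part of the original page, this script checks each prefix in the RaDB reply before it reaches ipset and loads the set through a temporary set that is swapped in, so the live set is never half-filled. The function names, the fbblock-new set name and the sample reply are assumptions made for the illustration, and it handles IPv4 only.

```shell
#!/bin/sh
# Added example (not from the original page): RaDB '!g' reply -> ipset restore input.
# Constructed sample in the reply's shape (length line, prefix line, "C");
# the prefixes are documentation ranges plus deliberately invalid entries.
SAMPLE_REPLY='A70
192.0.2.0/24 198.51.100.0/24 203.0.113.0/33 999.1.1.0/24 192.0.2.0/24
C'

# Print each well-formed IPv4 CIDR prefix read from stdin once, sorted.
valid_prefixes() {
  tr -s ' \t' '\n' | awk -F'[./]' '
    /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ {
      ok = ($5 >= 1 && $5 <= 32)   # refuse /0: one bad entry must not block everything
      for (i = 1; i <= 4; i++) if ($i > 255) ok = 0
      if (ok) print
    }' | LC_ALL=C sort -u
}

# Read prefixes on stdin and print ipset restore commands that fill a
# temporary set, then swap it into place in one step.
# $1 = set name (fbblock in the article); "<name>-new" is a hypothetical temp name.
build_restore() {
  set_name=$1
  tmp_name="$1-new"
  echo "create $set_name hash:net"
  echo "create $tmp_name hash:net"
  echo "flush $tmp_name"
  while read -r prefix; do echo "add $tmp_name $prefix"; done
  echo "swap $tmp_name $set_name"
  echo "destroy $tmp_name"
}

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_REPLY" | valid_prefixes | build_restore fbblock

# On a live system (root and network needed; -exist tolerates sets that already exist):
#   whois -h whois.radb.net '!gAS32934' | valid_prefixes | build_restore fbblock | sudo ipset -exist restore
```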

Add these lines to /etc/ufw/after.rules (the telegramblock set is assumed to have been created and filled the same way as fbblock):

# block facebook
-I INPUT -m set --match-set fbblock src -j DROP

# block telegram
-I INPUT -m set --match-set telegramblock src -j DROP

You may need to restart networking, etc.:

# systemctl restart networking
# iptables -L | ag block
DROP       all  --  anywhere             anywhere             match-set telegramblock src
DROP       all  --  anywhere             anywhere             match-set fbblock src