Block phone app in network firewall?

finsfree · May 30, 2017

This may be a weird question but if someone hops/connects to my wifi from their phone is there a way to block, lets say the facebook app, from connecting to that users facebook account? In other words, block them form accessing their facebook account using my wifi.

The content filter on my network firewall (Zywall USG20) only works with port 80 (http not https).

How does the app connect to the users account? It must use DNS to resolve the name "facebook". I can create an "A" record in DNS to resolve facebook to 0.0.0.0 in which it will work for a PC but I'm guessing if the cellular carrier has their own DNS it will resolve the name.

Phones are different because they are always connected by cellular service.

I want to block users from accessing their facebook account when they are at my house "visiting".

Thx,

voyagerfan99 · May 30, 2017

finsfree said:
I want to block users from accessing their facebook account when they are at my house "visiting".

Simple. Don't give them wifi access.

beers · May 30, 2017

Why facebook specifically?

finsfree · May 30, 2017

beers said:
Why facebook specifically?

Because it is annoying when people come to visit and then whip out their phones to show you something on FB. I'm a techy but too much FB is too much FB.

I don't care about what your friends said about a topic. I'm not into people that much...lol.

beers · May 30, 2017

Eh, they'll just flip over to cellular when it doesn't work.

I feel like you're looking for a technical solution to a social/personal issue.

Geoff · May 30, 2017

finsfree said:
I want to block users from accessing their facebook account when they are at my house "visiting".

You can't. There is nothing you can do, technically, to prevent people from using cellular data on their phones from visiting facebook. You can decide to block it on your network by blocking the website and keywords (or by application if your firewall supports it), but they'd just get upset and switch to cellular.

You need to just lighten up and let family do what they want. Honestly, browsing facebook to show you photos and so forth is pretty standard with lots of families.

Agent Smith · May 31, 2017

Run Pfsense and block all of Facebook's ASN's. But it's futile. They will use 4G/LTE. Not worth your time. You could by a cell phone blocker, but those are illegal.

beers · May 31, 2017

Agent Smith said:
block all of Facebook's ASN

How do you filter via asn if you aren't running bgp?

Agent Smith · Jun 1, 2017

beers said:
How do you filter via asn if you aren't running bgp?

You can block whole swaths of IP addresses in Pfsense. And here are their ASN's.

http://bgp.he.net/AS54115#_asinfo

http://bgp.he.net/AS32934#_asinfo

Control + Copy all IPs.

beers · Jun 1, 2017

Ah, you still aren't filtering via ASN then, it's just a snapshot of what they're advertising via BGP at that time.

If you have a business circuit with full BGP tables you can do a BGP AS ACL and it will drop anything originating from those ASes

Good for people to know where to see prefix lists and stuff though at the he.net looking glass site.

Block phone app in network firewall?

finsfree

Member

voyagerfan99

Master of Turning Things Off and Back On Again

beers

Moderator

finsfree

Member

beers

Moderator

Geoff

VIP Member

Agent Smith

Well-Known Member

beers

Moderator

Agent Smith

Well-Known Member

beers

Moderator