Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
facebook ip list
31.13.24.0/21
31.13.64.0/19
31.13.64.0/24
31.13.69.0/24
31.13.70.0/24
31.13.71.0/24
31.13.72.0/24
31.13.73.0/24
31.13.75.0/24
31.13.76.0/24
31.13.77.0/24
31.13.78.0/24
31.13.79.0/24
31.13.80.0/24
66.220.144.0/20
66.220.144.0/21
66.220.149.11/16
66.220.152.0/21
66.220.158.11/16
66.220.159.0/24
69.63.176.0/21
69.63.176.0/24
69.63.184.0/21
69.171.224.0/19
69.171.224.0/20
69.171.224.37/16
69.171.229.11/16
69.171.239.0/24
69.171.240.0/20
69.171.242.11/16
69.171.255.0/24
74.119.76.0/22
173.252.64.0/19
173.252.70.0/24
173.252.96.0/19
204.15.20.0/22
@mattkeenan

This comment has been minimized.

Copy link

mattkeenan commented Aug 13, 2016

On Linux if you have iptables and ipset installed you can put the contents of the above gist into a file (say /var/tmp/facebook-nets) and then you can do the following;

# ipset create block-facebook-nets hash:net
# for net in $(cat /var/tmp/facebook-nets) ; do ipset add block-facebook-nets $net ; done

NOTE: you may get warnings / errors that some of the nets are already included, you can ignore these types of errors

# iptables -A OUTPUT -m set --match-set block-facebook-ips dst -j REJECT

NOTE: this blocks all outbound traffic from your machine to facebook (i.e. your browser trying to load facebook pages or widgets / sharing tools)

# iptables -L OUTPUT -nv
Chain OUTPUT (policy ACCEPT 1212 packets, 145K bytes)
 pkts bytes target     prot opt in     out     source               destination
   0     0   REJECT    all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set block-facebook-ips dst reject-with icmp-port-unreachable

You can also block packets coming in from facebook's networks but this would almost never happen without an outbound connection first.

@kingofnull

This comment has been minimized.

Copy link

kingofnull commented Jan 21, 2017

There is complete list of facebook ips in CIDR format :
http://ipinfo.io/AS32934

@benmork

This comment has been minimized.

Copy link

benmork commented Jun 30, 2017

@weber93

This comment has been minimized.

Copy link

weber93 commented Sep 20, 2017

If you are like me and found this trying to filter out FB from Google Analytics this will do the trick.

https://gist.github.com/weber93/2decc1b2f255978dd66e7598f8553327

@Corepany

This comment has been minimized.

Copy link

Corepany commented Oct 3, 2017

This do the trick (from stackoverflow)
whois -h whois.radb.net -- '-i origin AS32934' | grep ^route

I tested, it also blocks instagram

@chuleva

This comment has been minimized.

Copy link

chuleva commented Oct 13, 2017

Please add 31.13.114.65/24 to the list.

@peterver

This comment has been minimized.

Copy link

peterver commented Feb 21, 2018

@Corepany I wouldn't use that command as for some reason not all Facebook servers are returned through this :/. For example 31.13.113.90 ( from the Facebook Ireland datacenter ) is not included in this. So any whitelist will be incorrect.

@tjeb

This comment has been minimized.

Copy link

tjeb commented Jul 11, 2018

@peterver Not sure whether it did back in February, but the whois output includes 31.13.96.0/19 now, so at least 31.13.113.90 is also covered. More importantly, that output also includes IPv6, which the list here sorely lacks.

@torking

This comment has been minimized.

Copy link

torking commented Oct 31, 2018

31.13.114.65/24

@workingJ

This comment has been minimized.

Copy link

workingJ commented Jan 18, 2019

you can try this in case you have windows
block_facebook

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.