Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
facebook ip list
31.13.24.0/21
31.13.64.0/19
31.13.64.0/24
31.13.69.0/24
31.13.70.0/24
31.13.71.0/24
31.13.72.0/24
31.13.73.0/24
31.13.75.0/24
31.13.76.0/24
31.13.77.0/24
31.13.78.0/24
31.13.79.0/24
31.13.80.0/24
66.220.144.0/20
66.220.144.0/21
66.220.149.11/16
66.220.152.0/21
66.220.158.11/16
66.220.159.0/24
69.63.176.0/21
69.63.176.0/24
69.63.184.0/21
69.171.224.0/19
69.171.224.0/20
69.171.224.37/16
69.171.229.11/16
69.171.239.0/24
69.171.240.0/20
69.171.242.11/16
69.171.255.0/24
74.119.76.0/22
173.252.64.0/19
173.252.70.0/24
173.252.96.0/19
204.15.20.0/22
@mattkeenan

This comment has been minimized.

Copy link

@mattkeenan mattkeenan commented Aug 13, 2016

On Linux if you have iptables and ipset installed you can put the contents of the above gist into a file (say /var/tmp/facebook-nets) and then you can do the following;

# ipset create block-facebook-nets hash:net
# for net in $(cat /var/tmp/facebook-nets) ; do ipset add block-facebook-nets $net ; done

NOTE: you may get warnings / errors that some of the nets are already included, you can ignore these types of errors

# iptables -A OUTPUT -m set --match-set block-facebook-ips dst -j REJECT

NOTE: this blocks all outbound traffic from your machine to facebook (i.e. your browser trying to load facebook pages or widgets / sharing tools)

# iptables -L OUTPUT -nv
Chain OUTPUT (policy ACCEPT 1212 packets, 145K bytes)
 pkts bytes target     prot opt in     out     source               destination
   0     0   REJECT    all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set block-facebook-ips dst reject-with icmp-port-unreachable

You can also block packets coming in from facebook's networks but this would almost never happen without an outbound connection first.

@kingofnull

This comment has been minimized.

Copy link

@kingofnull kingofnull commented Jan 21, 2017

There is complete list of facebook ips in CIDR format :
http://ipinfo.io/AS32934

@benmork

This comment has been minimized.

Copy link

@benmork benmork commented Jun 30, 2017

@weber93

This comment has been minimized.

Copy link

@weber93 weber93 commented Sep 20, 2017

If you are like me and found this trying to filter out FB from Google Analytics this will do the trick.

https://gist.github.com/weber93/2decc1b2f255978dd66e7598f8553327

@Corepany

This comment has been minimized.

Copy link

@Corepany Corepany commented Oct 3, 2017

This do the trick (from stackoverflow)
whois -h whois.radb.net -- '-i origin AS32934' | grep ^route

I tested, it also blocks instagram

@chuleva

This comment has been minimized.

Copy link

@chuleva chuleva commented Oct 13, 2017

Please add 31.13.114.65/24 to the list.

@peterver

This comment has been minimized.

Copy link

@peterver peterver commented Feb 21, 2018

@Corepany I wouldn't use that command as for some reason not all Facebook servers are returned through this :/. For example 31.13.113.90 ( from the Facebook Ireland datacenter ) is not included in this. So any whitelist will be incorrect.

@tjeb

This comment has been minimized.

Copy link

@tjeb tjeb commented Jul 11, 2018

@peterver Not sure whether it did back in February, but the whois output includes 31.13.96.0/19 now, so at least 31.13.113.90 is also covered. More importantly, that output also includes IPv6, which the list here sorely lacks.

@torking

This comment has been minimized.

Copy link

@torking torking commented Oct 31, 2018

31.13.114.65/24

@workingJ

This comment has been minimized.

Copy link

@workingJ workingJ commented Jan 18, 2019

you can try this in case you have windows
block_facebook

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.