Well,

Here is the best way (I mean the BEST) way to do it.

Do not block facebook completely, but rather create schedules when you allow people to access it. For me, I suggest the following sched:

0000 - 0800 (Timeafterwork)

1300 - 1359 (TimeLunch)

1630 - 2300 (TimeafterHours)

Install squid on the pfSense box and define time ACLs as well as dstdomain ACLs and time the two together.

The destdomain ACLs can include all other sites I refer to TimeWastageSites (office time of course) :-)

You have to put in place provisions for the head honcho and his/her henchpeople to be allowed access all the time though!

You use ARP based ACL for that.

Besides that, you can also use the squid as web cache and control streaming - which consumes much bandwidth.

That's how I've done it in the few sites where I run pfSense.

Just my 2 cents.

On 8 July 2013 15:10, Chege <compulinekenya@gmail.com> wrote:

Hii All,
Anyone who has successfully blocked Facebook with above ..including https://

Rgds

Chege

_______________________________________________
skunkworks mailing list
skunkworks@lists.my.co.ke
------------
List info, subscribe/unsubscribe
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------

Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
"I can't hear you -- I'm using the scrambler."