[c-nsp] How to prevent https facebook from the cisco router 1841

Pierre Emeriaud petrus.lt at gmail.com
Thu Nov 14 12:45:35 EST 2013


> i need to prevent users to open Facebook https traffic from my router cisco
> 1841
>
> i can put it as ip but is there any thing else because the ip way not
> efficient

What about null-routing all advertised prefixes (32) from Facebook AS?

$ whois -h asn.shadowserver.org prefix 32934 | awk -F" " '{print "ip
route " $1 " null0"}'
ip route 31.13.24.0/21 null0
ip route 31.13.64.0/24 null0
...

Rinse & repeat every couple of months.



--
pierre


More information about the cisco-nsp mailing list