Blocking Facebooks networks on ASA firewall

If web site owners embedd a facebook like button, personal data is transferred to facebook and those web sites violate against Europe's GDPR laws. To protect myself from other web sites illegal GDRP violations I implemented an access controll list for facebook's network ranges on my ASA firewall.

To get all IP ranges (in this case legacy IPv4 ranges) I am going to query with whois facebook's Autonomous system number AS32934. The commandline below will give me all IPv4 ranges assigned to facebook.


~$ whois -h whois.radb.net -- '-i origin AS32934' | grep 'route:'
route:      69.63.176.0/20
...and so on...
Whois lookup for facebook's AS32934

Based on above network list (about 90 network ranges) I can build up an Access Control List like this:


name 69.63.176.0 zzz-facebook.69.63.176.0-20
...and so on...
object-group network grp-facebook-networks
  network-object object zzz-facebook.69.63.176.0-20
  ...and so on...
access-list inside_access_in extended deny ip object [LOCAL-NETWORK]
  object-group grp-facebook-networks
Building ACL to block facebook's IPv4 ranges

For background information see (in german) Verbraucherzentrale: EuGH-Generalanwalt äußert sich zum Like-Button... and WBS Rechtsanwaelte: Facebook Like Button vor dem EuGH... or in english The Register: Facebook Like, social sharing buttons on your website may land you in GDPR hot water...'

Search my web site