Blocking social media

There are literally thousands of posts about this topic, of which less than 10% still function. This is a very, very common question, and I believe there should be something like a sticky topic for this with definitive, updated answers to the real questions from management :slight_smile:

Can social media over HTTPS be blocked in transparent mode, and how? I am one of thousands of people that have spent weeks on this, editing hosts files, creating rules, modifying IPTables… and no favorable result to show for the effort. Most posts are outdated or lack explanations or examples and some are simply just theory.

Switching over to normal proxy mode is really impractical because Android does not implement proxies properly and every network today has at least 40% Android devices on it.

UPDATE:

To answer my own question: Yes, it can be done. The good news is that it can in fact be done very easily, with no in-depth Linux understanding and for free.

I think the previous forum entries kind of miss the point here. It doesn’t need to be done ONLY in IPFire. It does however need to be a functional solution that will appease end users.

So here it is:

Step 1) Go to https://www.opendns.com and open a free account.

Step 2) Go to the IPFire DHCP settings and make the primary DNS point to 208.67.222.222 and the secondary to 208.67.220.220.

Step 3) If you have a DHCP internet IP: download the auto DNS updater here: h**ps://s3-us-west-1.amazonaws.com/opendns-downloads/OpenDNS-Updater-2.2.1.exe

Step 4) Log in to the updater and select the network. DNS may take a minute or two to update.

Step 5) Log in here: https://dashboard.opendns.com, click on the home tab, then settings, hover over your network and select ‘web content filtering’.

  1. Blocking outbound DNS is perhaps a good idea.

Pros: Quick, easy, free, can be disabled for specific people by making their DNS the IPFire address.

Cons: Can be bypassed by selecting the IPFire IP as DNS. BUT… it is good enough for MOST scenarios…

Please contribute to this solution.
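An added example, not part of the original post: a Python audit of firewall log lines for the bypass listed under Cons and for clients that ignore the DHCP-assigned OpenDNS resolvers. It assumes the firewall logs DNS packets in the standard netfilter LOG format; the GREEN address, the exempt client, the log prefix and the sample lines are constructed.

```python
import re
from collections import defaultdict

OPENDNS = {"208.67.222.222", "208.67.220.220"}  # resolvers from step 2
IPFIRE_GREEN = "192.168.1.1"       # assumed GREEN address of the IPFire box
EXEMPT_CLIENTS = {"192.168.1.10"}  # assumed clients deliberately left unfiltered
DNS_PORTS = {"53", "853"}          # plain DNS and DNS over TLS

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def audit(lines):
    """Map each non-exempt client to the non-OpenDNS resolvers it queried."""
    findings = defaultdict(set)
    for line in lines:
        # reversed() makes the first occurrence of a field win, so the packet
        # quoted inside an ICMP error cannot overwrite the outer header.
        f = dict(reversed(FIELD.findall(line)))
        if f.get("PROTO") not in ("UDP", "TCP") or f.get("DPT") not in DNS_PORTS:
            continue
        src, dst = f.get("SRC"), f.get("DST")
        if not src or not dst or dst in OPENDNS or src in EXEMPT_CLIENTS:
            continue
        kind = "ipfire-resolver" if dst == IPFIRE_GREEN else "other-resolver"
        findings[src].add((dst, kind))
    return {client: sorted(hits) for client, hits in findings.items()}

# Constructed sample in netfilter LOG format; the "DNS-AUDIT" prefix is made up.
SAMPLE_LOG = """\
DNS-AUDIT IN=green0 OUT=red0 SRC=192.168.1.23 DST=208.67.222.222 LEN=60 PROTO=UDP SPT=40112 DPT=53
DNS-AUDIT IN=green0 OUT=red0 SRC=192.168.1.23 DST=203.0.113.53 LEN=60 PROTO=UDP SPT=40113 DPT=53
DNS-AUDIT IN=green0 OUT= SRC=192.168.1.40 DST=192.168.1.1 LEN=58 PROTO=UDP SPT=51820 DPT=53
DNS-AUDIT IN=green0 OUT= SRC=192.168.1.10 DST=192.168.1.1 LEN=58 PROTO=UDP SPT=33001 DPT=53
DNS-AUDIT IN=green0 OUT=red0 SRC=192.168.1.23 DST=198.51.100.7 LEN=64 PROTO=TCP SPT=40200 DPT=853
DNS-AUDIT IN=green0 OUT=red0 SRC=192.168.1.55 DST=203.0.113.80 LEN=64 PROTO=TCP SPT=40300 DPT=443
""".splitlines()

if __name__ == "__main__":
    for client, hits in sorted(audit(SAMPLE_LOG).items()):
        for dst, kind in hits:
            print(f"{client} -> {dst} ({kind})")
```

DNS over HTTPS on port 443 looks like ordinary web traffic in these logs, so this check does not see it.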

No.

(Post must be at least 10 characters)

AFAIK not with IPFire.
Other distros use nDPI and/or a peek-and-splice HTTPS proxy approach.