For most corporate network, social network are not allowed, and since facebook is one of the most popular social network site, it continuously add new IP address frequently. So blocking IP known to you alone is not enough. Here’s a better way to block IP owned by facebook (Only if you wish to block it in your network) #> /usr/bin/whois -h whois.radb.net '!gAS32934' | head -n -1 | tail -n -1 | /usr/bin/xargs --max-args=1 | /usr/bin/xargs -I {} --max-args=1 /sbin/iptables -t mangle -I POSTROUTING -d {} -j DROP