http://whois.domaintools.com/18.104.22.168 (Universal Communications, Reallocated to Detel Wireless, LLC) This doesn't look Facebook to me.
http://whois.domaintools.com/22.214.171.124 (this is directly assigned to Facebook, Inc CIDR range confirmed of 126.96.36.199/20) Translate this range in decimal form to 188.8.131.52 - 184.108.40.206
Which means the third block you've placed (220.127.116.11/32), with a /32 mask is not only never going to matter because it's matching a singular invalid IP, but it's also apart of the greater range you've already blocked. Rule, is redundant and incorrect.
The fourth rule is also false, however it is indeed a range registered to Facebook, Inc. The CIDR is 18.104.22.168/20, this encompasses 22.214.171.124-126.96.36.199. Your rule is invalid and in need of correction.
Yet another CIDR block registered to Facebook, inc. The CIDR you've used is invalid, the registered range is 188.8.131.52/19, decimal range 184.108.40.206 - 220.127.116.11. Your rule is close, but blocking things that may not be Facebook related.
Don't go throwing stuff into the firewall without doing the proper homework. Otherwise you're simply signing up for an unhappy customer when you break random things online.
- NG Firewall
- Solutions by Industry
- Solutions by Issue