A-MONTERO

Facebook IP address ranges

Can anyone tell me the IP ranges of Facebook and its associated sites like fbcdn.net?

I have a WatchGuard XTM-520 with Webblock and Application Control services and they are able to block it completely, but rather than block Facebook I need to route its traffic to a lower priority line, and that cannot be done with the URL names but only with IP addresses.

Also, WatchGuard can show in the Hostwatch module the addresses being used by users, but there are too many to be specified one by one in a policy.

Thanks in advance.
Aaron Tomosky

I just did this with my SonicWall (it lets me use FQDN but only one wildcard level) and it was a pain just to track most of that down. Most of them go to various Google and Akamai sub-subdomains. And each of those is an IP pool.

Anyway, if you want to try, my way is to use Firefox with Firebug. The net tab shows all the connections when you load a page. Sort by size.

The amount of time and work required to first compile that list of IPs, then keep it updated, is most likely just not worth it.

Aaron's suggestion of using Firebug is probably your best bet for the initial list, however keeping that maintained and updated will turn out to be a lesson in futility.

I was pleasantly surprised to find this ability in my SonicWall. Maybe get a low end model just for this purpose? My TZ210 was under $600.

Aaron, do you mean the ability to use the wildcard URLs? Yeah, that would make this much, much easier than having to go by IPs only... It would probably actually make all of your time worth it ;)
ASKER CERTIFIED SOLUTION
Aaron Tomosky
Basically you make an address object for each FQDN, then add them all to a group. I called mine "annoying websites". Then you make a LAN->WAN rule to allow these websites above the allow all. Edit the rule and enable the bandwidth management. If you want to block them entirely, you can set bandwidth to 0 or make a block rule.
Since it's a firewall rule, you can make it active for any address object (IP range, single computer, subnet, etc.), so I could easily allow some computers and not others. I was really surprised I had something with this kind of power.
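An added example, not part of the original thread or any vendor tooling: it turns hostnames seen in a browser's network panel into the per-FQDN address objects described above, largest transfer first. The function names and sample hosts are hypothetical, and it assumes "one wildcard level" means `*` stands for exactly one label.

```python
from collections import defaultdict

# Constructed sample, not real capture data: (hostname, bytes) pairs as they
# might be copied out of a browser's network panel after loading a page.
OBSERVED = [
    ("www.facebook.com", 48_200),
    ("static.ak.fbcdn.net", 310_500),
    ("profile.ak.fbcdn.net", 95_000),
    ("photos-a.ak.fbcdn.net", 120_000),
    ("b.static.ak.fbcdn.net", 20_000),
    ("s-static.ak.facebook.com", 75_300),
    ("WWW.Facebook.com.", 1_800),
]

def normalize(host):
    """Lower-case and drop the trailing root dot so duplicates merge."""
    return host.strip().lower().rstrip(".")

def wildcard_for(host):
    """Address-object name for a host, wildcarding only its first label.

    Hosts with fewer than three labels stay exact: wildcarding them would
    produce something as broad as *.com.
    """
    labels = normalize(host).split(".")
    if len(labels) < 3:
        return ".".join(labels)
    return "*." + ".".join(labels[1:])

def matches(pattern, host):
    """Assumed semantics (not vendor-confirmed): '*' is exactly one label."""
    host = normalize(host)
    if not pattern.startswith("*."):
        return host == pattern
    suffix = pattern[1:]  # e.g. ".ak.fbcdn.net"
    prefix = host[: -len(suffix)] if host.endswith(suffix) else ""
    return bool(prefix) and "." not in prefix

def build_objects(observed):
    """Group hosts under their pattern and sort by total bytes, descending."""
    totals, members = defaultdict(int), defaultdict(set)
    for host, size in observed:
        pattern = wildcard_for(host)
        totals[pattern] += size
        members[pattern].add(normalize(host))
    rows = ((p, totals[p], sorted(members[p])) for p in totals)
    return sorted(rows, key=lambda row: (-row[1], row[0]))

if __name__ == "__main__":
    for pattern, size, hosts in build_objects(OBSERVED):
        print(f"{pattern:26} {size:>8}  {', '.join(hosts)}")
```

With the sample data, the four hosts under fbcdn.net need two separate objects, because a host one level deeper is not covered by the shallower wildcard.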
A-MONTERO

ASKER

Thank you very much guys, I appreciate your help. The flexibility of SonicWall in managing traffic is very impressive; it's a shame we can't count on WatchGuard to solve this. I hope some day they do something about it.

Thank you both.