pfBlockerNG
pfBlocker-NG introduces an Enhanced Alias Table feature to pfSense. It lets you assign many IP address URL lists to a single alias and then choose a rule action. Blocking countries, IP ranges and DNS lists is easy with pfBlocker.
To install, go to Package Manager, then search for and install pfBlocker-NG. The installation takes some time.
Once installed, go to Firewall > pfBlockerNG for the settings.
On the General page of the pfBlockerNG settings, tick Enable and click Save.
Next, go to the Update tab and click Run; this updates the default lists.
To block IP ranges by country, go to the GeoIP tab, select the country or countries, set the List Action for each, and click Save.
To block a custom IP range, go to IPv4 or IPv6 and click +Add:
- Give an Alias
- Description
- URL to an IP subnet list, or go to Custom List and enter the subnets manually.
- List Action, whether to block or not, whether it is inbound or outbound, etc.
- If it is a URL list, give an update frequency
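A pre-flight check for a custom IP list, added here as an example and not part of pfBlockerNG: it rejects malformed entries and anything overlapping private or loopback ranges, so a bad list cannot block your own LAN, then merges the remaining subnets. `vet_list`, `PROTECTED` and the sample feed are constructed for illustration; adjust the protected ranges to your network.

```python
import ipaddress

# Ranges that must never land in a block alias (assumption: extend for your LAN).
PROTECTED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]

# Constructed sample list using documentation ranges; not a real feed.
SAMPLE_FEED = """\
# constructed sample list
198.51.100.0/25
198.51.100.128/25   ; adjacent to the line above
203.0.113.7
203.0.113.0/24
10.0.0.0/8
0.0.0.0/0
2001:db8::/32
not-an-ip
"""

def vet_list(text):
    """Return (accepted, rejected): collapsed CIDR strings and (entry, reason) pairs."""
    nets, rejected = {4: [], 6: []}, []
    for raw in text.splitlines():
        # Drop trailing '#' or ';' comments, then surrounding whitespace.
        entry = raw.split("#")[0].split(";")[0].strip()
        if not entry:
            continue
        try:
            # strict=False tolerates host bits set in a prefix, e.g. 203.0.113.7/24
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((entry, "not an IP or CIDR"))
            continue
        if any(p.version == net.version and p.overlaps(net) for p in PROTECTED):
            rejected.append((entry, "overlaps a protected range"))
            continue
        nets[net.version].append(net)
    accepted = []
    for version in (4, 6):
        # collapse_addresses merges adjacent and nested networks of one IP version
        accepted += [str(n) for n in ipaddress.collapse_addresses(nets[version])]
    return accepted, rejected

if __name__ == "__main__":
    ok, bad = vet_list(SAMPLE_FEED)
    print("\n".join(ok))
    for entry, reason in bad:
        print(f"# skipped {entry}: {reason}")
```

The accepted output is what goes into Custom List; review each skipped entry before using the list it came from.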
Block traffic based on DNS
Filtering modern traffic is difficult because of encryption, so the easiest way to filter it is to block it at the DNS level. This has some requirements:
- All devices in the network should resolve DNS through pfSense. You have to block your clients from accessing public DNS resolvers, e.g. write a block rule on the DNS ports for outgoing traffic from your LAN.
- You need to maintain an up-to-date DNS list of unwanted domains.
To accomplish the second point above, we will associate some publicly available, community-maintained DNS block lists based on content category.
You can find some of these links from