PfblockerNG Setup

PfblockerNG is a pretty cool package that you can use in pfsense that will do some basic ad blocking via DNS on your LAN. It can use IP lists as well as the traditional domain lists that you may be familiar with if you use services like pihole.   

Install

The install for pfblocker is pretty simple, go to System > Package Manager > Available Packages, and in the search bar type "pfblocker" from there you should see the pfBlockerNG-devel package, click the green install check and boom, you have it installed. 

Setup

After the install we can actually do the setup, its easiest to simply do a clean install when youre setting up pfBlocker even if you have a previous install just as a refresher on the options available. 

1.  Go to Firewall > pfBlockerNG > Wizard 

   1. Step 1: Acknowledge the pfBlockerNG Components page by clicking Next.

   2. Step 2: In your IP configuration ensure your  WAN Interface is set to inbound and any devices you want to filter on as outbound.

   3. Step 3: The Component Configuration should be fine the way it is with the defaults just make sure the VIP Address doesn't collide with any subnets you're using.

   4. Step 4: Click Finish to finalize.

2. I don't like the fact that the crons are scheduled so frequently so I typically go to General > CRON Settings and change it to Once a Day theres no need for me to update my blocklists multiple times a day. 

3. From there go to IP  and enable Floating Rules  and Kill States. 

   1. Floating Rules: Creates a singular rule for multiple interfaces

   2. Kill States: Kills the current state of any active connections that end up on a block list.

4.  Go to DNBSL > DNSBL Configuration and enable the Permit Firewall Rules for your LAN interfaces. 

5. Go to Feeds and look for OISD, click the plus icon to add the feed and turn the state of the OISD list to ON, After that in Settings change the Action to Unbound, finally scroll to the bottom and click save. 

   1. If youre looking to save some resources, you can change the feed from https://dl.oisd.nl to https://small.oisd.nl 

6. Go to Update, change  Select 'Force' option to Reload and run the update. And boom, you're done