Use pfSense as Adblock

[Edelrat]

Hello everyone,

 

I am trying to set up my pfSense-box to also block ads.

I have done some research, and tried some configurations with pfBlockerNG, but this did not work at all. I also tried this with squid, but I didn´t have any success either.

 

Does anyone have experience doing this, or know a good tutorial I can use?

 

Thanks in advance!

[njmyers3]

I don't have experience with pfSense, but I would start by blocking connections to doubleclick.net.

[Bittenfleax]

Take a look at this: http://benoliver999.com/technology/2016/02/27/howtoblockadswithpfblocker/

 

I have done this and it works a dream.

 

As they say in the tutorial, you can use https://www.iblocklist.com for a filter list to start with.

[Edelrat]

1 minute ago, Bittenfleax said:

Take a look at this: http://benoliver999.com/technology/2016/02/27/howtoblockadswithpfblocker/

 

I have done this and it works a dream.

 

Takes time to filter out all the ads you want to block. But after a month of putting in blocks here and there, it is great.

I tried this guide, but it didn't really work for me.

Do you mind giving me your list with blocked IPs?

[Bittenfleax]

2 minutes ago, MEOOOOOOOOOOOOW said:

I tried this guide, but it didn't really work for me.

Do you mind giving me your list with blocked IPs?

See the updated post. I used the free ones from that and just the odd one or two custom for ads. I use ad-blocker, but only set it up for fun as there are only 2 users in my house lol.

 

 

[Edelrat]

4 minutes ago, Bittenfleax said:

See the updated post. I used the free ones from that and just the odd one or two custom for ads. I use ad-blocker, but only set it up for fun as there are only 2 users in my house lol.

 

 

I will give it a try later, I don't have time right now

It's the same for me, I am the only one in my network..

 

I will report back later!

[Edelrat]

On 8.11.2016 at 5:32 PM, Bittenfleax said:

See the updated post. I used the free ones from that and just the odd one or two custom for ads. I use ad-blocker, but only set it up for fun as there are only 2 users in my house lol.

 

 

So I tried the link you sent, along with some lists from I-Blocklist, and according to the Web-UI, there are some packets being blocked. But I don't really feel like it changed much when browsing the web. YouTube-ads are still there, for example.

[Bittenfleax]

17 minutes ago, MEOOOOOOOOOOOOW said:

So I tried the link you sent, along with some lists from I-Blocklist, and according to the Web-UI, there are some packets being blocked. But I don't really feel like it changed much when browsing the web. YouTube-ads are still there, for example.

Oh right. I am not too sure about Youtube ads. Like I said before, I still use adblock. I just did it for fun/experience  I might pick it back up soon and have a go at trying it.

[Edelrat]

36 minutes ago, Bittenfleax said:

Oh right. I am not too sure about Youtube ads. Like I said before, I still use adblock. I just did it for fun/experience  I might pick it back up soon and have a go at trying it.

No worries  I am trying to do more for fun and experience than use aswell..

If you have success, or get to know anything new about it, let me know!

[foobar42]

Using IP-based firewall rules to block ad servers is not very efficient, since there are already many hosts lists out there to block ads. I'd recommend using https://github.com/StevenBlack/hosts

You block them by running a caching DNS-resolver on your pfsense box, which by itself will speed up your browsing experience, and use that blocklist as an additional hosts file. Make sure to enable DNSSEC while you are at it, and make sure you upstream your DNS requests to a fast DNS-Server which is not from your ISP and provides DNSSEC and doesn't do NXDOMAIN hijacking. 

You'll also need to make sure that you are announcing the local DNS-Server via DHCP to the clients and that your firewall policies allow your local clients to reach it.

[Bittenfleax]

12 hours ago, foobar42 said:

Using IP-based firewall rules to block ad servers is not very efficient, since there are already many hosts lists out there to block ads. I'd recommend using https://github.com/StevenBlack/hosts

You block them by running a caching DNS-resolver on your pfsense box, which by itself will speed up your browsing experience, and use that blocklist as an additional hosts file. Make sure to enable DNSSEC while you are at it, and make sure you upstream your DNS requests to a fast DNS-Server which is not from your ISP and provides DNSSEC and doesn't do NXDOMAIN hijacking. 

You'll also need to make sure that you are announcing the local DNS-Server via DHCP to the clients and that your firewall policies allow your local clients to reach it.

Nice info. Thanks for sharing  

 

Might try this.