Dang Hoang Viet (HarryDang) : How To Use Pfblocker-NG locked un-want domains on Pfsense.

For more information pfBlockerN: https://docs.netgate.com/pfsense/en/latest/packages/pfblocker.html

Pfsense version: 2.4.5-RELEASE-p1
pfBlockerNG version: 2.1.4_22

1. Requirement note:

We use DNSBL in Pfblocker-NG to filtering content with DNS, so pfSense (LAN address) should be the default DNS server which pointed into your client. If you dont want use pfsense as default dns server of client, you should config forwarder directly to Pfsense on your DNS server. In my case, i will use pfsense as DNS server for my client :) .

I assume everything is work normal, you can read in my previous post to do that.

2. Config Pfblocker-NG on Pfsense:

Step 1: Install pfBlockerNG:

Go To System > Packet Manager > Available Packages > search pfBlockerNG > Click Install

Step2: Config DNS Resolver:

Go to Services > Select DNS Resolver ( default DNS Resolver has enable after installed Pfsense )

I keep everything is default & for simple, i just add Host Overrides & Domain Overrides to tell pfsense lookup our local DNS
Don't forget allow your LAN network in Access List tab of DNS Resolver

Step3: Config pfBlockerNG:

Go to menu Firewall > Select pfBlockerNG

I wanna config DNSBL Feeds first so then we navigate to DNSBL > DNSBL Feeds

At DNSBL Feeds windows we click ADD button to define DNS GROUP that we wanna block

For DNSBL Settings:
I use List of all hosts file with 15 variants at here: https://github.com/StevenBlack/hosts

Next we need to config and enable DNSBL:

Go back to General Tab to enable pfBlockerNG:

MaxMind License Key : you can register to get license MaxMind at here: https://www.maxmind.com/en/geoip2-services-and-databases
I often use Geoip in case: we have some public servers under pfsense but we want to reject access to there servers from some location around in the world