pfSense Ad Blocker

What is pfSense?

pfSense is an open source firewall distribution, it is designed to sit on physical of virtual hardware in place of any “off the shelf” router and gives you a lot more control over your network.

It is free to use and can be downloaded from here

My setup

At home I recently ditched my EdgeRouter Lite for a pfsense installation running from a VMware ESXI virtual machine on a HP microserver. For redundancy (and because it looks cool) I have a Watchguard XC170 that I found on eBay for cheap.

Needless to say the both machines are a similar spec and run the latest pfSense absolutely perfectly. They handle 4 VLAN’s, several LAN to LAN VPN’s and get stuck into some serious caching.

The icing on the cake would be some sort of automated advertisement blocking system… and this got me thinking!

pfSense already has packages that block ads!

The package manager has both pfBlockerNG and squidGuard available.

I tried these but they felt over complicated for my needs, I wanted something light weight that I can set and forget, I didn’t want to go down the routes of a third party ad blocking plugin either, as well… you know what happened with AdBlock…

Whilst this guide is specifically targeted to pfSense users, any system which runs the Unbound service will be able to work in the same way.

The goal

  • I want to block all known advertising/shock site domains through the pfSense DNS resolver to create a cleaner browsing experience
  • The block should be done using DNS at router level, meaning it covers all present and future devices on the network and doesn’t rely on third-party plugins or complicated configurations for each individual device
  • The block list should update often from various sources and be downloaded regularly to pfSense without me having to do anything – true set and forget!
  • No complicated packages should need to be installed on the operating system, it should use software already built into pfSense (tools which are available with most Linux distro as standard)


The instructions below will download a fresh resolver config whenever pfSense boots:

  1. Head to System > Package Manager > Available Packages and install Shellcmd
  2. Now go to Services  > Shellcmd and click Add, leave the type as shellcmd, add an optional description then copy the following into the Command box:
    curl --url -o /etc/resolver.conf > /dev/null
  3. Finally, head to Services > DNS Resolver  and click Display Custom Options, type the following into the Custom options box then press Save and apply the changes:

     include: /etc/resolver.conf

That’s it – you’re all set! Give your pfSense box a reboot and enjoy an ad free world!


To make sure everything has been setup properly, trying visiting a website known for over the top advertising, such as

I’m using a fresh install of Google Chrome with pfSense configured as above, check out the results below!


If you are still seeing advertisements, try:

  • Clearing your DNS cache.
  • Make sure your devices DNS is pointing to your pfSense router
  • Make sure the DNS resolver is enabled and the custom option is set correctly

Failing that, get in touch using the email address below and I’ll have a look


The latest database features 31, 731 known domains, sourced from various freely available lists including:

  • – used by AdBlock
  • – used to block Spotify ads


  • If the resolver config file isn’t in place then the Unbound service won’t start
  • HTTP requests are redirected to leaving a blank space behind, meanwhile HTTPS requests throw certificate error

Future Plans

At the moment this is just a personal project that I thought others may find useful, who knows though, depending on the popularity, there may be scope for blocking categories of websites, such as social media, adult sites etc


If you find any websites which aren’t blocked, find websites which don’t load correct, or have any other questions please email [email protected]

Finally, this is essentially a DNS level block and nothing more, use it at your own risk, no warranty or guarantee implied.