What is pfSense?
pfSense is an open source firewall distribution. It is designed to sit on physical or virtual hardware in place of any “off the shelf” router and gives you a lot more control over your network.
It is free to use and can be downloaded from here
At home I recently ditched my EdgeRouter Lite for a pfSense installation running from a VMware ESXi virtual machine on an HP microserver. For redundancy (and because it looks cool) I have a WatchGuard XC170 that I found on eBay for cheap.
Needless to say, both machines are a similar spec and run the latest pfSense absolutely perfectly. They handle 4 VLANs, several LAN to LAN VPNs and get stuck into some serious caching.
The icing on the cake would be some sort of automated advertisement blocking system… and this got me thinking!
pfSense already has packages that block ads!
The package manager has both pfBlockerNG and squidGuard available.
I tried these but they felt overcomplicated for my needs. I wanted something lightweight that I can set and forget. I didn’t want to go down the route of a third-party ad blocking plugin either, as well… you know what happened with AdBlock…
Whilst this guide is specifically targeted to pfSense users, any system which runs the Unbound service will be able to work in the same way.
- I want to block all known advertising/shock site domains through the pfSense DNS resolver to create a cleaner browsing experience
- The block should be done using DNS at router level, meaning it covers all present and future devices on the network and doesn’t rely on third-party plugins or complicated configurations for each individual device
- The block list should update often from various sources and be downloaded regularly to pfSense without me having to do anything – true set and forget!
- No complicated packages should need to be installed on the operating system; it should use software already built into pfSense (tools which are available with most Linux distros as standard)
The instructions below will download a fresh resolver config whenever pfSense boots:
- Head to System > Package Manager > Available Packages and install Shellcmd
- Now go to Services > Shellcmd and click Add, leave the type as shellcmd, add an optional description then copy the following into the Command box:
curl --url http://core.nerdkey.co.uk/pfsense/resolver-ads.conf -o /etc/resolver.conf > /dev/null
- Finally, head to Services > DNS Resolver and click Display Custom Options, type the following into the Custom options box then press Save and apply the changes:
That’s it – you’re all set! Give your pfSense box a reboot and enjoy an ad free world!
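The boot command above fetches the list over plain HTTP and Unbound loads whatever arrives, so the contents of that file decide the DNS answers for every device on the network. The script below is an added example, not part of the original guide, that vets a download before it replaces the live file. The local-zone/local-data line format, the 192.0.2.10 sink address, the .new path and the script path are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed (unconfirmed) file format:
#   local-zone: "ads.example.com" redirect
#   local-data: "ads.example.com A 192.0.2.10"
# 192.0.2.10 is a constructed sink address; substitute the one the list uses.

# validate_blocklist FILE SINK_IP
# Succeeds only if every line is blank, a comment, "server:", or a
# local-zone/local-data entry whose A record is exactly SINK_IP.
validate_blocklist() {
    file=$1
    sink=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for the regex
    host='[A-Za-z0-9_.-]+'
    sp='[[:space:]]'
    [ -s "$file" ] || return 1                    # missing or empty download
    # grep -v selects lines matching none of the allowed shapes; one such
    # line (include:, forward-zone:, a different IP, ...) rejects the file.
    if grep -Evq \
        -e "^${sp}*(#.*)?\$" \
        -e "^${sp}*server:${sp}*\$" \
        -e "^${sp}*local-zone:${sp}+\"${host}\"${sp}+redirect${sp}*\$" \
        -e "^${sp}*local-data:${sp}+\"${host}${sp}+A${sp}+${sink}\"${sp}*\$" \
        "$file"; then
        return 1
    fi
    return 0
}

# install_blocklist NEW DEST SINK_IP
# Moves NEW over DEST only after validation. On failure DEST is left alone,
# so the resolver still has the previous file to load.
install_blocklist() {
    new=$1
    dest=$2
    if validate_blocklist "$new" "$3"; then
        mv -f "$new" "$dest"
    else
        rm -f "$new"
        return 1
    fi
}

# Possible Shellcmd command (the .new path and script path are hypothetical):
#   curl -fsS --url http://core.nerdkey.co.uk/pfsense/resolver-ads.conf \
#        -o /etc/resolver.conf.new && . /root/blocklist.sh && \
#        install_blocklist /etc/resolver.conf.new /etc/resolver.conf 192.0.2.10
```

Because a rejected download never overwrites the live file, a tampered or truncated fetch leaves the previous list in place for Unbound to load.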
To make sure everything has been set up properly, try visiting a website known for over-the-top advertising, such as SpeedTest.net
I’m using a fresh install of Google Chrome with pfSense configured as above, check out the results below!
If you are still seeing advertisements, try:
- Clearing your DNS cache.
- Make sure your device's DNS is pointing to your pfSense router
- Make sure the DNS resolver is enabled and the custom option is set correctly
Failing that, get in touch using the email address below and I’ll have a look
The latest database features 31,731 known domains, sourced from various freely available lists including:
- EasyList.to – used by AdBlock
- EricZhang.me – used to block Spotify ads
- If the resolver config file isn’t in place then the Unbound service won’t start
- HTTP requests are redirected to pixel.nerdkey.co.uk, leaving a blank space behind; meanwhile HTTPS requests throw a certificate error
At the moment this is just a personal project that I thought others may find useful. Who knows though, depending on the popularity, there may be scope for blocking categories of websites, such as social media, adult sites etc.
If you find any websites which aren’t blocked, find websites which don’t load correctly, or have any other questions please email [email protected]
Finally, this is essentially a DNS level block and nothing more, use it at your own risk, no warranty or guarantee implied.