Lance Grover

pfsense

So, I decided to switch firewalls. It was between pfSense, Untangle, or just rolling my own Linux server as my firewall (I've done that before and it gives me the most control of things).

Starting with pfSense, here is some key information for me (if I have to set this stuff up again):

DNS Blocklists https://firebog.net/

pfBlockerNG https://forums.serverbuilds.net/t/guide-pfblockerng-setup-pfsense-adblocking/1135

IP blacklists https://supratim-sanyal.blogspot.com/2017/04/pfsense-pfblockerng-ultimate-list-of-ip.html

OpenPhish https://openphish.com/feed.txt

block porn hosts file: https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/porn/hosts

set it and forget it OpenDNS block adult content:

  • 208.67.222.123
  • 208.67.220.123

docs: https://docs.netgate.com/pfsense/en/latest/services/dns/resolver-advanced.html
doc for logging DNS: https://docs.netgate.com/pfsense/en/latest/troubleshooting/dns-forwarder.html
But you have to remember:

server:
log-queries: yes

as per here: https://www.ericlight.com/logging-dns-queries-for-both-pfsense-and-zentyal-server.html

another link: https://mitky.com/pfblockerng-pfsense-filter-specific-clients-computers-network/

Also for GeoIP: https://www.maxmind.com/en/home

Sorry, this was just an explosion of links... not a lot of notes, but I remember what each one solved for me ;-)