Why?
In addition to your existing firewall rules, pfBlockerNG provides inbound and outbound filtering against:
- commercial ads
- malicious sites
- cryptominers
- trackers
- botnet viruses
- …
It is also very easy to set up and maintain.
Installation steps
Install the package
- Go to System -> Package Manager -> Available Packages -> Search for pfBlockerNG-devel
- Once installed, go to Firewall -> pfBlockerNG
- You can go with the automatic installation or skip it and set it up manually
Manual approach
- On the pfBlockerNG -> General page -> enable “pfBlockerNG” and enable “Keep settings”
- IP tab:
  - Enable de-duplication, CIDR aggregation and set ASN caching to 24 hours.
  - Under IP Interface/Rules configuration, set “Inbound Firewall Rules” to WAN with the blocking action, and set “Outbound Firewall Rules” to the interfaces you want pfBlockerNG to “protect”, with the rejecting action.
  - Sub-tab IPv4 lets you configure IPv4 block lists
  - Blocklist examples
- DNSBL tab:
  - Enable DNSBL
  - Set mode to unbound
  - Enable Wildcard Blocking (TLD)
  - Enable Resolver Live Sync
  - Under DNSBL configuration, use “Permit Firewall Rules” to select the interfaces that are allowed to connect to the DNSBL web server (e.g. LAN and guest network).
  - Sub-tab DNSBL Groups lets you configure DNS blocking groups, which work for both IPv4 and IPv6
- Update: select “Reload” and run it to download and update the configured block lists
- Firewall: pfBlockerNG creates its firewall rules once the update and reload have been done
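
The de-duplication and CIDR aggregation options enabled on the IP tab reduce the number of entries loaded from the block lists. The sketch below is an added example (not part of the original page and not pfBlockerNG's own code) that shows the effect on a constructed feed using Python's `ipaddress` module; the function names and sample addresses are assumptions for illustration.

```python
import ipaddress

# Constructed sample feed: comments, duplicates and overlapping ranges
# (addresses come from the RFC 5737 documentation ranges).
SAMPLE_FEED = """\
# constructed example block list
192.0.2.0/25
192.0.2.128/25
192.0.2.10
198.51.100.7
198.51.100.7
203.0.113.0/26
203.0.113.64/26
203.0.113.200   # inline comment
not-an-ip
"""

def parse_feed(text):
    """Return the IPv4 networks in a feed, skipping comments and junk lines."""
    networks = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # malformed entry: ignore it rather than abort
        if net.version == 4:
            networks.append(net)
    return networks

def deduplicate(networks):
    """Drop exact duplicates while keeping the original order."""
    return list(dict.fromkeys(networks))

def aggregate(networks):
    """Merge adjacent and overlapping networks into the fewest CIDR blocks."""
    return list(ipaddress.collapse_addresses(networks))

if __name__ == "__main__":
    raw = parse_feed(SAMPLE_FEED)
    unique = deduplicate(raw)
    merged = aggregate(unique)
    print(len(raw), "parsed ->", len(unique), "unique ->", len(merged), "aggregated")
    for net in merged:
        print(net)
```

Aggregation also absorbs single addresses that already fall inside a listed range, which is why `192.0.2.10` disappears from the result.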