pfBlockerNG for OpenVPN Client Configuration



  • Hello.

    I want to block ads with pfBlockerNG.
    How do I set pfBlockerNG General and DNSBL settings for an OpenVPN Client?

    These are my current settings: http://abload.de/image.php?img=bild1mksu6.png
    (NL7_OVPN and NL2_OVPN are OpenVPN Client Interfaces and WLAN2_4GHZ is a WLAN Interface)
    What should I choose for Outbound Firewall Rules?
    Do I need to enable "OpenVPN Interface" option under Outbound Firewall Rules?

    These are my DNSBL settings: http://abload.de/image.php?img=bild366s5y.png
    Should I activate "DNSBL Firewall Rule" option for WLAN or for OpenVPN?

    Thanks



  • @David127:

    Hello.

    I want to block ads with pfBlockerNG.
    How do I set pfBlockerNG General and DNSBL settings for an OpenVPN Client?

    These are my current settings: http://abload.de/image.php?img=bild1mksu6.png
    (NL7_OVPN and NL2_OVPN are OpenVPN Client Interfaces and WLAN2_4GHZ is a WLAN Interface)
    What should I choose for Outbound Firewall Rules?
    Do I need to enable "OpenVPN Interface" option under Outbound Firewall Rules?

    At the present time, I have my appliance set to route all traffic through the OpenVPN tunnel. I have the OpenVPN interface I created selected for both the Inbound and Outbound Firewall Rules.

    @David127:

    These are my DNSBL settings: http://abload.de/image.php?img=bild366s5y.png
    Should I activate "DNSBL Firewall Rule" option for WLAN or for OpenVPN?

    I do not have the box checked as I don't have multiple LAN segments. According to the help text, "This will create a 'Floating' Firewall rule to allow traffic from the Selected Interface(s) below to access the DNSBL VIP on the LAN interface. This is only required for multiple LAN Segments."

    I had issues getting this working initially. It was due to having the wrong setting on another screen. You can read the thread here:

    https://forum.pfsense.org/index.php?topic=126780.msg700053#msg700053



  • Hi Xentrk.

    Can you make a screenshot of all general settings and post it here?
    That would be helpful.

    What did you choose in DNSBL under DNSBL Listening Interface?

    Thank you.



  • David127…I managed to get my pfBlockerNG to block ads...I don't think my setup is perfect but just some observations on your config you might want to adjust are:

    http://abload.de/image.php?img=bild1mksu6.png
    I noticed your "Kill states" should be checked...you might have active states

    http://abload.de/image.php?img=bild366s5y.png
    I checked the "DNSBL firewall rules", a floating rule was added for the interface designated, this allowed access to the 10.10.10.1 IP (check if you can access this on your devices connected to your network)

    In terms of my Listening interface I would suggest using your LAN or WLAN...I believe the interface needs internet access.

    Regarding my general settings I do not have "DNS Server Override" checked nor do I have "Disable DNS Forwarder" checked.

    Caveat: I had to create a custom rule allowing access to 127.0.0.1 to get mine to work...I don't think this is optimal and likely due to the fact I have OpenDNS as my DNS servers in general, using resolver (vs forwarder), multiple interfaces and some strict firewall rules.

    Make sure you can navigate to the DNSBL VIP...i.e. Type 10.10.10.1 in your browser you are trying to block ads on, you should get to a blank page labeled "10.10.10.1-pixel"

    Not perfect but I hope that helps...

    Added note: BBCAN177 had also suggested starting with making sure you can navigate to 10.10.10.1...without that ability it won't work. After trying, go to your firewall log; it will likely give you hints as to what's not working.
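
The firewall-log check suggested in the post above, as an added example that is not part of the thread or of pfBlockerNG: it tallies blocked packets aimed at the DNSBL VIP (10.10.10.1 in this thread) from raw filterlog lines, so the interface and port being dropped are visible at a glance. The field positions assume pfSense's comma-separated raw filter log format for IPv4; the sample lines, interface name and client address are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: summarise firewall blocks aimed at the
# DNSBL VIP, reading raw filterlog lines on stdin.
# Assumed field layout (pfSense raw filter log, IPv4):
#   5=interface 7=action 8=direction 9=ip-version 17=protocol
#   19=source 20=destination 22=destination port (TCP/UDP only)

DNSBL_VIP="${DNSBL_VIP:-10.10.10.1}"   # VIP quoted in the thread

vip_blocks() {
    awk -F, -v vip="$DNSBL_VIP" '
    {
        # Drop the syslog prefix so that $1 is the rule number.
        sub(/^.*filterlog(\[[0-9]+\])?: */, "")
    }
    $7 == "block" && $9 == "4" && $20 == vip {
        port = ($17 == "tcp" || $17 == "udp") ? $22 : "-"
        key = $5 " " $8 " " $19 " " $17 "/" port
        if (!(key in n)) order[++k] = key   # remember first-seen order
        n[key]++
    }
    END {
        # One line per flow: count interface direction source proto/port
        for (i = 1; i <= k; i++) print n[order[i]], order[i]
    }'
}

# Constructed sample: a WLAN client blocked on its way to the VIP, plus one
# unrelated passed DNS query that must not be counted.
SAMPLE_LOG='Mar  3 10:15:01 fw filterlog[4242]: 4,,,1000000103,ath0_wlan0,match,block,in,4,0x0,,64,1111,0,DF,6,tcp,60,192.168.20.15,10.10.10.1,50112,443,0,S,100,,65535,,mss
Mar  3 10:15:02 fw filterlog[4242]: 4,,,1000000103,ath0_wlan0,match,block,in,4,0x0,,64,1112,0,DF,6,tcp,60,192.168.20.15,10.10.10.1,50113,443,0,S,101,,65535,,mss
Mar  3 10:15:03 fw filterlog[4242]: 90,,,1700000001,ath0_wlan0,match,pass,in,4,0x0,,64,1113,0,none,17,udp,70,192.168.20.15,192.168.20.1,40000,53,50
Mar  3 10:15:04 fw filterlog[4242]: 4,,,1000000103,ath0_wlan0,match,block,in,4,0x0,,64,1114,0,DF,6,tcp,60,192.168.20.15,10.10.10.1,50114,80,0,S,102,,65535,,mss'

# On the firewall, pipe the raw filter log into vip_blocks instead.
printf '%s\n' "$SAMPLE_LOG" | vip_blocks
```

Any output line means a rule on that interface is dropping traffic to the VIP before it reaches the DNSBL web server, which is the situation the "DNSBL Firewall Rule" floating rule discussed in the thread is meant to address.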



  • @David127:

    Hi Xentrk.

    Can you make a screenshot of all general settings and post it here?
    That would be helpful.

    What did you choose in DNSBL under DNSBL Listening Interface?

    Thank you.

    No problem. Let me know if I can be of further assistance. I recall the days of reading every post in the pfBlockerNG forum before trying to set it up and struggling with getting it working. Hang in there!

    Regards, Xen