PfSense & blocking web addresses



  • I've started using the MVPS hosts file on my PC's to help block junkware, but updating each PC can be annoying. I've been looking for a way to block it at the firewall level using my pfSense firewall, but there doesn't seem to be a good way. I could use squid, but it seems using that would require going over the entire hosts file removing everything but the addresses.

    I'm also not sure I want to use a proxy (even transparent; I used a transparent proxy that had a good interface and really good logging back when I used to use IPCop, but what appears to be available doesn't seem to be anything like what was in IPCop), plus, will using a transparent proxy even do anything if somehow any of this malware trys to go out on any port other than 80? Using a host file, ANY attempt to go to one of the blocked addresses will be stopped.

    Adding an address into the Blacklist field under "Proxy Server: Access Control" seems to work for port 80, but if I try https, it doesn't get blocked.

    Is there any way to get host file like blocking at the firewall level, ideally with a fairly simple 'point and click' update, even better if it would allow you to specify a source such as the MVPS host file (or other similar, reputable source for blocking malware/adware sites)?

    Thanks in advance.



  • Have a look at pfBlocker from the Packages, that should help:
    http://forum.pfsense.org/index.php/topic,42543.0.html


Locked