How do I block ads using pfsense?



  • How can I block ads either using squid or squidguard?


  • Moderator

    @DelfinDelfin:

    How can I block ads either using squid or squidguard

    Another option:
    https://forum.pfsense.org/index.php?topic=102470.0



  • Yes, but for a strange reason it doesn't work. I am following this tutorial: http://benoliver999.com/technology/2016/02/27/howtoblockadswithpfblocker/



  • There are issues with squid and squidguard for some odd reason :( that won't make DNSBL work

    Download the blacklist Shalla list

    http://www.shallalist.de/Downloads/shallalist.tar.gz

    on the black list on squidguard and download it

    On squid, configure your local cache first; leave it at the defaults until you get the hang of it, and have transparent proxy ticked.

    First get the hang of HTTP before you get into HTTPS, and after that WPAD.



  • I downloaded http://www.shallalist.de/Downloads/shallalist.tar.gz and it blocks other categories well, but for the ad category it doesn't even block youtube ads. I am going to see if I can modify them myself (UPDATE: I don't know what I did, but it seems that now it works) (SECOND UPDATE: I rebooted my router and now it is not working again. Does anybody know what the problem is?)



  • Hmmm, maybe try this instead

    http://urlblacklist.com/?sec=download

    Also you could do this, but it's more of a hassle: install adblock, then look at the log to see what it blocks on youtube ads and add it manually to squidguard



  • IMO, the fastest, simplest, and lowest overhead way to block ads, malware, and tracking sites is by running one of the built-in DNS server options on pfSense, and feeding it a hostname blacklist.

    My setup is as follows: I have dnsmasq (DNS Forwarder under Services) enabled on my LAN interface. Under "custom options" at the bottom, I have the following line:

    addn-hosts=/root/hosts.txt
    

    Under the DHCP Service, the sole DNS server is my pfSense LAN IP.

    Finally under System General Setup, I point pfSense at my preferred third party DNS server (OpenDNS at 208.67.222.222 and 208.67.222.220 – I don't trust my own ISP or Google's 8.8.x.x when it comes to this information.)

    In the file located at /root/hosts.txt I maintain my own blacklist that is the union of several popular public lists, as well as thousands of servers I've hunted down myself by watching DNS traffic go by. These are all good sources of data:

    http://winhelp2002.mvps.org/hosts.txt
    http://someonewhocares.org/hosts/zero/hosts
    http://www.malwaredomainlist.com
    https://github.com/StevenBlack/hosts

    The start of hosts.txt looks like this:

    127.0.0.1 localhost
    255.255.255.255 broadcasthost
    ::1 localhost
    0.0.0.0 link.ac
    0.0.0.0 say.ac
    0.0.0.0 js.cdn.ac
    

    As one final layer of protection, I found the domains with the largest number of subdomains, and where I determined the entire domain was untrusted, I added an additional line to my dnsmasq custom options from earlier. While this is redundant with some entries in hosts.txt, it allows me to easily move my hosts.txt to a particular machine that will go off my LAN and still have it protected.

    address=/.doubleclick.net/0.0.0.0
    

    My other dnsmasq custom options are as follows, for completeness:

    • log-queries (causes all lookup traffic to be logged to /var/log/resolver.log for analysis)

    • cache-size=400000 (since I have 215k entries in my hosts.txt, it may as well keep them all handy. Someone who knows more than me about the internals of dnsmasq may well demonstrate that I'm doing this one all wrong, but it's never given me any trouble.)

    • edns-packet-max=512      (protection against the horrible glibc bug that will go largely unpatched in lots of places: https://threatpost.com/magnitude-of-glibc-vulnerability-coming-to-light/116296/)
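
The merge step described in the post above, as an added example that is not the poster's own script: it unions several hosts-format lists into one `0.0.0.0` file, discards malformed names from the untrusted downloads, and lists parent domains with many blocked subdomains as candidates for an `address=` rule. The sample lists, the `.test` names, the function names, and the "last two labels" parent-domain rule are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample inputs in the two styles the public lists use.
LIST_A = """\
# constructed sample, 127.0.0.1 style
127.0.0.1 localhost
127.0.0.1 ads.example-ads.test  # inline comment
127.0.0.1 Track.Example-Ads.test
127.0.0.1 cdn.example-ads.test
"""
LIST_B = """\
0.0.0.0 ads.example-ads.test
0.0.0.0 metrics.tracker.test
0.0.0.0 bad_host!.test
255.255.255.255 broadcasthost
"""

SINK_IPS = {"0.0.0.0", "127.0.0.1"}          # addresses lists use to sink a name
KEEP = {"localhost", "localhost.localdomain", "broadcasthost"}  # never blocklisted
LABEL = r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?"
HOSTNAME = re.compile(rf"^{LABEL}(\.{LABEL})+$")  # strict: letters, digits, hyphen
HEADER = ["127.0.0.1 localhost", "255.255.255.255 broadcasthost", "::1 localhost"]

def parse_hosts(text):
    """Return the set of valid blocked hostnames found in one hosts-format list."""
    names = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2 or fields[0] not in SINK_IPS:
            continue
        for name in (f.lower().rstrip(".") for f in fields[1:]):
            if name not in KEEP and len(name) <= 253 and HOSTNAME.match(name):
                names.add(name)
    return names

def merge(lists, allow=()):
    """Union all lists, remove allowlisted names, emit hosts.txt lines."""
    names = set().union(*(parse_hosts(t) for t in lists)) - set(allow)
    return HEADER + [f"0.0.0.0 {n}" for n in sorted(names)]

def wildcard_candidates(names, min_subdomains=3):
    """Parent domains (last two labels, a simplification) to review by hand."""
    counts = Counter(".".join(n.split(".")[-2:]) for n in names if n.count(".") >= 2)
    return [f"address=/.{d}/0.0.0.0" for d, c in sorted(counts.items()) if c >= min_subdomains]

if __name__ == "__main__":
    names = parse_hosts(LIST_A) | parse_hosts(LIST_B)
    print("\n".join(merge([LIST_A, LIST_B])))
    print("\n".join(wildcard_candidates(names)))
```

The candidate rules are only a count; whether a whole domain is untrusted is still a manual decision, and the two-label rule misgroups names under multi-part suffixes such as `co.uk`.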



  • Umm, I've been using pfBlocker flawlessly but for some reason it is not working anymore. I haven't changed absolutely anything. Tried to re-download the list, reinstall it, restart the router, but still the same :/



  • Maybe members of this board, who are paid employees, are helping anti block advocates to assert their view of things…..?

