How do I block ads using pfsense?

  • How can I block ads using either squid or squidguard?

  • Moderator


    How can I block ads using either squid or squidguard?

    Another option:

  • Yes, but for some strange reason it doesn't work. I am following the following tutorial:

  • There are issues with squid and squidguard for some odd reason :( that won't let DNSBL work

    Download the blacklist Shalla list

    on the black list on squidguard and download it

    On squid, first configure your local cache; leave it at the defaults until you get the hang of it, and have transparent proxy ticked.

    First get the hang of HTTP before you get into HTTPS; after that, WPAD.

  • I downloaded it and it blocks other categories well, but for the ad category it doesn't even block youtube ads. I am going to see if I can modify them myself. (UPDATE: I don't know what I did, but it seems that now it works.) (SECOND UPDATE: I rebooted my router and now it is not working again. Does anybody know what the problem is?)

  • Hmmm, maybe try this instead

    Also, you could do this, but it's more of a hassle: install adblock, then look at the log to see what it blocks on youtube ads, and add it manually to squidguard.

  • IMO, the fastest, simplest, and lowest overhead way to block ads, malware, and tracking sites is by running one of the built-in DNS server options on pfSense, and feeding it a hostname blacklist.

    My setup is as follows: I have dnsmasq (DNS Forwarder under Services) enabled on my LAN interface. Under "custom options" at the bottom, I have the following line:


    Under the DHCP Service, the sole DNS server is my pfSense LAN IP.

    Finally under System General Setup, I point pfSense at my preferred third party DNS server (OpenDNS at and – I don't trust my own ISP or Google's 8.8.x.x when it comes to this information.)

    In the file located at /root/hosts.txt I maintain my own blacklist that is the union of several popular public lists, as well as thousands of servers I've hunted down myself by watching DNS traffic go by. These are all good sources of data:

    The start of hosts.txt looks like this: localhost broadcasthost
    ::1 localhost

    As one final layer of protection, I found the domains with the largest number of subdomains, and where I determined the entire domain was untrusted, I added an additional line to my dnsmasq custom options from earlier. While this is redundant with some entries in hosts.txt, it allows me to easily move my hosts.txt to a particular machine that will go off my LAN and still have it protected.


    My other dnsmasq custom options are as follows, for completeness:

    • log-queries (causes all lookup traffic to be logged to /var/log/resolver.log for analysis)

    • cache-size=400000 (since I have 215k entries in my hosts.txt, it may as well keep them all handy. Someone who knows more than me about the internals of dnsmasq may well demonstrate that I'm doing this one all wrong, but it's never given me any trouble.)

    • edns-packet-max=512      (protection against the horrible glibc bug that will go largely unpatched in lots of places:
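
Added example, not part of the post above and not the poster's own tooling: one way to build the kind of merged hosts.txt the post describes and to find parent domains with many blocked subdomains. The sample lists are constructed, all function names are hypothetical, and `address=/domain/ip` is dnsmasq's syntax for answering a whole domain; that the post's missing line used it is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample lists in hosts-file format (not real blocklist data).
LIST_A = """\
# constructed list A
0.0.0.0 ads.example.com
0.0.0.0 track.example.com   # inline comment
127.0.0.1 localhost
0.0.0.0 Banner.Example.NET
"""
LIST_B = """\
127.0.0.1 ads.example.com
127.0.0.1 cdn1.example.com cdn2.example.com
0.0.0.0 bad_host!.example.org
0.0.0.0 metrics.example.net
"""

SKIP = {"localhost", "localhost.localdomain", "broadcasthost", "local"}
# Strict hostname check so a malformed list line never reaches the resolver config.
HOSTNAME = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def parse_hosts(text):
    """Yield lower-cased hostnames, dropping comments, local names and junk."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:            # fields[0] is the address column
            name = name.lower().rstrip(".")
            if name not in SKIP and HOSTNAME.match(name):
                yield name

def merge(*lists):
    """Union of all lists, deduplicated and sorted."""
    return sorted({h for text in lists for h in parse_hosts(text)})

def wildcard_candidates(hosts, min_subdomains=3):
    """Count blocked subdomains per parent (last two labels; no Public
    Suffix List, so review each candidate by hand before blocking it)."""
    groups = defaultdict(set)
    for h in hosts:
        labels = h.split(".")
        if len(labels) > 2:
            groups[".".join(labels[-2:])].add(h)
    return {d: len(s) for d, s in groups.items() if len(s) >= min_subdomains}

def render_dnsmasq(candidates, sink="0.0.0.0"):
    return [f"address=/{d}/{sink}" for d in sorted(candidates)]

if __name__ == "__main__":
    merged = merge(LIST_A, LIST_B)
    print("\n".join([f"0.0.0.0 {h}" for h in merged]
                    + render_dnsmasq(wildcard_candidates(merged))))
```
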

  • Umm, I've been using pfBlocker flawlessly, but for some reason it is not working anymore. I haven't changed absolutely anything. Tried to re-download the list, reinstall it, restart the router, but still the same :/

  • Maybe members of this board, who are paid employees, are helping anti block advocates to assert their view of things...?
