Differences

This shows you the differences between two versions of the page.

--- pfsense:pfblockerng:install_pfblockerng [2021/01/28 10:31] – peter
+++ pfsense:pfblockerng:install_pfblockerng [2021/01/28 11:28] (current) – peter
@@ Line 9: / Line 9: @@
   * [[PFSense:pfBlockerNG:Install pfBlockerNG:Setup IP Blocking|Setup IP Blocking]]
   * [[PFSense:pfBlockerNG:Install pfBlockerNG:Setup DNSBL Blocking|Setup DNSBL Blocking]]
-  * [[PFSense:pfBlockerNG:Install pfBlockerNG:Setup Custom IP Lists|Setup Custom IP Lists]]
+  * [[PFSense:pfBlockerNG:Install pfBlockerNG:Update Blocking Lists|Update Blocking Lists]]
-  *
+  * [[PFSense:pfBlockerNG:Install pfBlockerNG:Test|Test]]
-----
-===== Enable DNSBL =====
-Navigate to **Firewall -> pfBlockerNG -> DNSBL** and check the box for **Enable DNSBL**.
-Optionally, if you have a lot of RAM, you can also enable **TLD**.  This setting enables additional processing to block ALL sub-domains for advanced blocking.  For example, a list with sharewiz.net would also result in blog.sharewiz.net also being blocked if TLD is enabled.
-{{:pfsense:pfblockerng:pfsense_pfblockerng_dnsbl_tld.png?800|}}
-Locate the **DNSBL Webserver Configuration** section:
-  * Virtual IP Address: **10.10.10.1**.  This is the default IP address and should be fine.  Only change if needed.  Enter an IP address that is not in your internal networks, something like 10.10.10.10.
-  * VIP Address Type: **IP Alias**.  The default.  Only change if needed.
-  * Port: **8081**. The default.  Only change if needed.
-  * SSL Port: **8443**.  The default.  Only change if needed.
-  * Webserver Interface:  **LAN**.  The default.  Only change if needed.  Select LAN or another internal interface to listen on.
-{{:pfsense:pfblockerng:pfsense_pfblockerng_dnsbl_webserver_configuration.png?800|}}
-Locate **Permit Firewall Rules** within the **DNSBL Configuration** section:
-  * If you ONLY have one LAN interface, leave this setting unchecked.
-  * If you have multiple LAN interfaces, check this setting and select each interface to protect.
-  * Scroll to the bottom of the page and click the **Save** button.
-{{:pfsense:pfblockerng:pfsense_pfblockerng_dnsbl_permit_firewall_rules_multiple_lans.png?800|}}
-Locate the **DNSBL Whitelist** Section:
-  * See [[PFSense:pfBlockerNG:DNSBL Whitelist|DNSBL Whitelist]].
-  * Enter the following white-list domains and modify as you like:
-  * <code>
-.play.google.com
-.drive.google.com
-.accounts.google.com
-.www.google.com
-.github.com
-.outlook.live.com
-.edge-live.outlook.office.com # CNAME for (outlook.live.com)
-.outlook.ha-live.office365.com # CNAME for (outlook.live.com)
-.outlook.ha.office365.com # CNAME for (outlook.live.com)
-.outlook.ms-acdc.office.com # CNAME for (outlook.live.com)
-.amazonaws.com
-.login.live.com
-.login.msa.akadns6.net # CNAME for (login.live.com)
-.ipv4.login.msa.akadns6.net # CNAME for (login.live.com)
-.mail.google.com
-.googlemail.l.google.com # CNAME for (mail.google.com)
-.pbs.twimg.com
-.wildcard.twimg.com # CNAME for (pbs.twimg.com)
-.sites.google.com
-.www3.l.google.com # CNAME for (sites.google.com)
-.docs.google.com
-.mobile.free.fr
-.plus.google.com
-.samsungcloudsolution.net
-.samsungelectronics.com
-.icloud.com
-.microsoft.com
-.windows.com
-.skype.com
-.googleusercontent.com
-</code>
-Locate **DNSBL IPs** section:
-  * List Action: **Deny Both**.
-  * Enable Logging: **Enable**.
-{{:pfsense:pfblockerng:pfsense_pfblockerng_dnsbl_dnsbl_ips.png?800|}}
-Scroll to the bottom of the page and click the **Save** button.
-{{:pfsense:pfblockerng:pfsense_pfblockerng_dnsbl_save.png?800|}}
 ----
-===== Setup DNSBL EasyLists =====
-Navigate to **Firewall -> pfBlockerNG -> Feeds**.
-Scroll down to the **DNSBL Category** section.
-Select the **Easylist** by clicking on the **+** key towards the left side.
-{{:pfsense:pfblockerng:pfsense_pfblockerng_feeds_dnsbl_category_easylist.png?800|}}
-Set EasyList Feeds to:
-  * State: **ON**
-  * Action: **Unbound**
-  * Update Frequency: **Once per day**
-{{:pfsense:pfblockerng:pfsense_pfblockerng_feeds_dnsbl_category_easylist_feeds.png?800|}}
-Scroll to the bottom of the page and click the **Save** button.
-{{:pfsense:pfblockerng:pfsense_pfblockerng_dnsbl_save.png?800|}}
-----
-===== Setup Custom DNSBL Lists =====
-See [[PFSense:pfBlockerNG:pfBlockerNG DNSBL Lists|pfBlockerNG DNSBL Lists]].
-Navigate to **Firewall -> pfBlockerNG -> DNSBL -> DNSBL Groups**.
-Click the **Add** button.
-Give it a **Name** and **Description**.
-Add in as many **DNSBL Source Definitions** as needed.
-Set:
-  * State: **ON**
-  * Action: **Unbound**
-  * Update Frequency: **Once per day**
-For Example:
-{{:pfsense:pfblockerng:pfsense_pfblockerng_feeds_dnsbl_pi_hole.png?800|}}
-----
-===== Update Lists =====
-Updates are run on the schedule earlier.
-However, the first one must be initiated manually to take effect immediately.
-Navigate to **Firewall -> pfBlockerNG -> Update**.
-Click the radio button for **Update** and click the **Run** button.
-Observe the log viewer as the update processes and allow it a couple minutes to finish.
-After the initial update, you should notice ads are now being blocked in your browser.
-{{:pfsense:pfblockerng:pfsense_pfblockerng_dnsbl_update_run_manually.png?800|}}
-----
-===== Check the Services =====
-Navigate to **Status -> Services**.
-Restart both **pfBlockerNG DNSBL** & **Unbound** services.
-{{:pfsense:pfblockerng:pfsense_services_-_pfblockerng.png?800|}}
-----
-===== Testing from the command line =====
-Normally, pinging a site will return the sites actual IP address.
-However, with pfBlockerNG properly setup you may instead see a reply of 10.10.10.1, which is the default virtual IP address DNSBL creates:
-{{:pfsense:pfblockerng:pfsense_pfblockerng_dnsbl_ping_block.png?800|}}
-For sites that are allowed to get through, their proper IP address will be returned by a ping instead of 10.10.10.1:
-{{:pfsense:pfblockerng:pfsense_pfblockerng_dnsbl_ping_not_blocked.png?800|}}
-The same goes for an nslookup query, which will also return a response of 10.10.10.1 for adverts:
-{{:pfsense:pfblockerng:pfsense_pfblockerng_dnsbl_nslookup_block.png?800|}}
-For sites that are allowed to get through, their proper IP address will be returned instead of 10.10.10.1.
-{{:pfsense:pfblockerng:pfsense_pfblockerng_dnsbl_nslookup_not_blocked.png?800|}}
-----