januari 18, 2023 door Tim
pfBlockerNG is a powerful package for pfSense, a popular open-source firewall software that allows you to block unwanted traffic by using various IP blocklists and advanced features such as GeoIP blocking. In this article, I will explain how to install and configure pfBlockerNG on pfSense, step-by-step.
- Log in to your pfSense web interface and navigate to the “System” menu.
- Under the “Packages” submenu, select “Available Packages” and search for “pfBlockerNG”
- Click the “+” button to install the package, and then navigate to the “Firewall” menu and select “pfBlockerNG.”
- In the “General” tab, configure the basic settings for pfBlockerNG.
- Click on the “IPv4” tab and enable the “Enable IPv4” option.
- To add blocklists, navigate to the “List” tab and click on the “+” button. You can add various blocklists, such as the Emerging Threats blocklist or the Spamhaus blocklist.
- Use the “Countries” tab to block traffic from specific countries.
- Navigate to the “Firewall” menu and select “Rules” to configure rules for blocking traffic.
- Finally, navigate to the “Diagnostics” menu and select “pfBlockerNG” to see the traffic that is being blocked.
By following these steps, you can easily install and configure pfBlockerNG on your pfSense firewall to protect your network from unwanted traffic. Whether you are a network administrator, IT professional, or a home user, pfBlockerNG is an essential tool for securing your network. It is important to note that this is a general guide and the steps may vary depending on the version of pfSense and pfBlockerNG you are using. Therefore, make sure to consult the official documentation and check for any updates before proceeding.
Blocklists for pfBlockerNG
Emerging Threats is a well-known provider of IP blocklists for various firewall software, including pfBlockerNG for pfSense. Here are some popular Emerging Threats blocklists that you can use with pfBlockerNG:
- Emerging Threats Pro: This blocklist is a comprehensive and constantly updated list of IP addresses known to be associated with malicious activity, such as malware, botnets, and phishing.
- Emerging Threats Compromised: This blocklist contains IP addresses that have been compromised by attackers and are being used for malicious activities.
- Emerging Threats Botcc: This blocklist contains IP addresses that have been identified as being part of botnets.
- Emerging Threats DShield: This blocklist contains IP addresses that have been reported to the DShield.org community as being involved in suspicious or malicious activity.
- Emerging Threats Spyeye: This blocklist contains IP addresses that have been identified as being associated with the SpyEye malware.
- Emerging Threats Malware: This blocklist contains IP addresses that have been identified as being associated with malware and other malicious activity.
- Emerging Threats Tor: This blocklist contains IP addresses that belong to the Tor network.
- hpHosts (all of them) – From MalwareBytes
- BBcan177 – From the creator of pfBlockerNG
- BBC (BBC_DGA_Agr) – From Bambenek Consulting
- Cryptojackers (all of them) – This blocks cryptojacking software and in-browser miners, but it also blocks various coin exchanges.
You can use these blocklists by adding them to pfBlockerNG via the “List” tab and configuring the appropriate rules in the “Firewall” menu. It’s worth noting that these lists are updated frequently, so you’ll want to keep an eye on them to ensure they’re up to date. Also, Keep in mind that blocking IP addresses may have an impact on your network and the services you use, so you should test and monitor the configuration before applying it to a production environment.
In summary, installing pfBlockerNG on pfSense allows you to block unwanted traffic on your network, it’s easy to do, and it’s an essential tool for securing your network.