2025-01-16 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article explains how to install and configure pfBlockerNG in pfSense. Many people have questions about this in daily operation, so the editor consulted various materials and put together a simple, practical procedure that should answer them. Please follow along.
pfBlockerNG is a package that can be installed in pfSense to extend the firewall's functionality with L2 / L3 / L4 filtering. As attackers' capabilities keep growing, administrators must continually improve the firewall's defenses.
pfBlockerNG gives pfSense the ability to make allow / deny decisions based on criteria such as the geographic location of an IP address, the domain name, or the Alexa rating of a specific website. The ability to restrict domain names is useful because it lets administrators block attempts to connect to known bad domain names.
This tutorial walks through configuring a pfSense firewall with the pfBlockerNG package and gives examples of adding and configuring pfBlockerNG domain name block lists.
Basic requirements
The basic configuration environment for this tutorial is as follows:
Newly installed pfSense firewall.
A WAN and a LAN interface.
The LAN IP range: 192.168.0.0/24.
Experimental diagram
The following figure shows the pfSense environment that will be used in this article.
pfSense network topology
Install pfBlockerNG in pfSense
The first step is to connect to the web interface of the pfSense firewall. This lab environment uses the 192.168.0.0/24 network, and the firewall gateway address is 192.168.0.1. Enter "https://192.168.0.1" in the browser address bar to go to the pfSense login page.
pfSense login window
After logging in to pfSense, click the 'System' menu and select 'Package Manager'.
pfSense package manager
Click Available Packages (available packages).
Software packages available for pfSense
Locate the 'pfBlockerNG' package and click the '+' icon beside it, then click Confirm to start the installation.
Install pfBlockerNG
Once confirmed, pfSense will begin to install pfBlockerNG. Be careful not to leave the installation page here and wait for the installation to finish.
pfBlockerNG installation
After the installation is complete, we begin the pfBlockerNG configuration. Once pfBlockerNG is configured, websites requested via DNS will be screened and blocked by the pfSense firewall running pfBlockerNG. pfBlockerNG maps a regularly updated list of known bad domain names to a sinkhole (virtual) IP address.
The pfSense firewall needs to intercept DNS requests in order to filter out bad domain names, and it does so with the local Unbound DNS Resolver. This means that clients on the LAN interface must use the pfSense firewall as their DNS resolver.
If a client requests a domain name in the pfBlockerNG block list, pfBlockerNG returns the virtual IP address for that domain name.
pfBlockerNG configuration
The first step is to enable the Unbound DNS Resolver on the pfSense firewall. Click the Services drop-down menu, and then select DNS Resolver.
pfSense DNS Resolver
First select the "Enable DNS resolver" check box.
Listen Port: select 53.
Network Interfaces (network interface), usually LAN interface and Localhost.
Outgoing Network Interfaces (egress Network Interface), select WAN in this configuration.
Enable the DNS Resolver
When the selection is complete, click "Save" at the bottom of the page, and then click the "Apply Changes" button that appears at the top of the page.
Next, begin configuring pfBlockerNG itself. Open the Firewall menu and click pfBlockerNG.
Configure pfBlockerNG
Click the "DNSBL (DNS Block list)" tab to start setting up the DNS Block list, and then activate pfBlockerNG.
Set up the DNSBL list
Select the "Enable DNSBL" check box (highlighted in green below).
Enter the virtual IP address in "DNSBL Virtual IP". This address must not be an IP that is in use on the pfSense networks you are running. The IP will be used to collect statistics and monitor domain names rejected by pfBlockerNG.
Enable DNSBL
Scroll down the page to make other settings.
DNSBL Listening Interface (listening interface), set to "LAN".
The "List Action" under DNSBL IP Firewall Settings determines what to do with the IP addresses a DNSBL feed provides.
The pfBlockerNG rule can be set to perform any number of actions; generally select "Deny Both", which blocks inbound and outbound connections to the DNSBL feed IPs / domains.
Configure DNSBL
After making the selections, scroll to the bottom of the page and click the SAVE button.
PfBlockerNG provides administrators with two options to configure individually or together. These two options are manual Feed from other web pages or EasyLists.
To learn more about different EasyLists (simple lists), visit https://easylist.to/.
Configure pfBlockerNG EasyList (simple list)
Let's first discuss and configure EasyLists; these lists are sufficient for the average user and are easy to manage.
The two EasyLists in pfBlockerNG are "EasyList w/ Element Hiding" and "EasyPrivacy". To use these lists, first click "DNSBL EasyList" at the top of the page.
Configure DNSBL EasyList
The following settings are required:
DNS Group Name - user-defined; special characters cannot be used.
Description - enter a description for the administrator's reference.
EasyList Feed - choose which list to add (EasyList or EasyPrivacy).
Header/Label - user-defined; special characters cannot be used.
Configure EasyList
The settings below come down to personal preference, and you can choose more than one as needed. The more important settings under "DNSBL-EasyList Settings" are as follows:
Categories - the types of list entries to use; more than one can be selected.
List Action - how DNS requests for listed names are answered; set it to "Unbound" here.
Update Frequency - how often the list is updated.
DNSBL EasyList Settings
When the EasyList setting is complete, click the "Save" button at the bottom of the page, and the page will reload, and then click the "Update" tab.
On the Update tab, select the "Reload" option, then the "All" option, to download the block lists selected on the EasyList configuration page.
This must be done manually; otherwise the lists are only downloaded automatically when the configured update frequency comes around. Make sure you run this step after you change the settings (adding or removing a list).
Update EasyList settings
Check the log window below for errors. If all goes well, a client machine on the LAN side of the firewall should be able to query a known bad site through the pfSense firewall and receive the bad IP address in reply. Note that the client machine must be configured to use pfSense as its resolver!
Check for errors with nslookup
Note the nslookup output above: the domain resolves to the pseudo-IP we configured in pfBlockerNG, which is what we expect. Any request for the "100pour.com" URL will therefore be directed to the virtual IP address 10.0.0.1.
Configure DNSBL Feed for pfSense
Besides the AdBlock EasyLists, other DNS blacklists can be used in pfBlockerNG; most of these can be pulled into pfBlockerNG directly. The following resources list available feeds:
https://forum.pfsense.org/index.php?topic=114499.0
https://forum.pfsense.org/index.php?topic=102470.0
https://forum.pfsense.org/index.php?topic=86212.0
Some of my favorite lists include the following:
http://adaway.org/hosts.txt
http://www.malwaredomainlist.com/hostslist/hosts.txt
http://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&mimetype=plaintext
https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist
https://gist.githubusercontent.com/BBcan177/4a8bf37c131be4803cb2/raw
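Several of the feeds above are published in "hosts" format (one "<sink IP> <hostname>" pair per line), and a feed is worth inspecting before it is handed to the firewall. The following POSIX shell script is an added example, not code from the original article or from the pfBlockerNG project: it strips comments and loopback entries from such a feed, validates every hostname, de-duplicates the result, and renders the survivors as Unbound local-data records that answer with the DNSBL virtual IP (10.0.0.1, as in this tutorial). The sample feed is constructed and uses placeholder names under .invalid; `local-data:` is a standard Unbound directive, but whether a given pfBlockerNG release writes exactly this form is an assumption, so compare with the file generated on your own firewall.

```shell
#!/bin/sh
# Added example: review a hosts-format DNSBL feed offline and render it as
# Unbound sinkhole entries. The feed below is constructed; names are placeholders.
SAMPLE_HOSTS='# constructed sample hosts-format feed
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example.invalid   # trailing comment
127.0.0.1 Tracker.Example.Invalid
0.0.0.0 bad_host.example.invalid
0.0.0.0 .leading-dot.example.invalid

127.0.0.1 stats.example.invalid
0.0.0.0 ads.example.invalid'

# hosts_to_domains: read a hosts-format feed on stdin ("<sink IP> <hostname>")
# and print one valid, lower-cased hostname per line, sorted and de-duplicated.
# Comments, blank lines, loopback names and malformed hostnames are dropped.
hosts_to_domains() {
    awk '
        { sub(/#.*/, "") }          # strip comments
        NF < 2 { next }             # need both an address and a hostname
        {
            host = tolower($2)
            if (host == "localhost" || host == "localhost.localdomain") next
            if (host == "broadcasthost" || host == "ip6-localhost") next
            # RFC 1123 shape: dot-separated labels of letters, digits and
            # interior hyphens; rejects underscores and leading dots
            if (host !~ /^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z0-9]([a-z0-9-]*[a-z0-9])?$/) next
            print host
        }' | sort -u
}

# count_domains: number of usable hostnames in the feed on stdin.
count_domains() {
    hosts_to_domains | wc -l | tr -d ' '
}

# unbound_sinkhole VIP: turn the feed on stdin into Unbound local-data lines
# that answer each hostname with the DNSBL virtual IP (assumed form; compare
# with the file pfBlockerNG actually generates on your firewall).
unbound_sinkhole() {
    hosts_to_domains | awk -v vip="$1" '{ printf "local-data: \"%s A %s\"\n", $1, vip }'
}

# Stand-alone run: print the sinkhole entries for the constructed feed.
printf '%s\n' "$SAMPLE_HOSTS" | unbound_sinkhole 10.0.0.1
```

To review a real feed, download it first and pipe the file through `hosts_to_domains`; a sudden drop in `count_domains` between two downloads, or an unexpected hostname in the output, is a cheap signal that the upstream list changed in a way worth looking at before the firewall reloads it.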
Let's configure the addition of DNSBL Feed:
First navigate to 'Firewall' -> 'pfBlockerNG' -> 'DNSBL'.
On the DNSBL configuration page, click DNSBL Feeds, and then click the Add button.
Configure DNSBL Feeds
Here you can add other lists of bad IP addresses or DNS names to pfBlockerNG.
Configure DNS blacklist
The important settings here are as follows:
DNS Group Name - user-defined.
Description - for ease of management.
DNSBL Settings:
State - whether the feed is active.
Source - link / source of the DNS blacklist.
Header/Label - user-defined; note that special characters cannot be used.
List Action - set to Unbound.
Update Frequency - how often the list is updated.
After setting up, click the Save button at the bottom of the page. Like any changes to pfBlockerNG, this change will take effect automatically when the next update frequency arrives. You can also force a reload manually by navigating to the "Update" tab, selecting the "Reload" option, selecting the "All" option, and clicking the "Run" button.
DNSBL Feeds update settings
Check the log window below for errors. If all goes well, you can run nslookup from a client on the LAN side for a domain name that appears in one of the configured DNSBL feeds to test that the list is working properly.
View DNS query results
As you can see from the output above, pfSense is returning the virtual IP address configured in pfBlockerNG as a bad IP for the blacklisted domain name.
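Both verification steps in this tutorial (the EasyList check and the DNSBL feed check above) come down to reading an nslookup answer and comparing it with the DNSBL virtual IP. The following POSIX shell helper is an added example, not part of the original article: it parses nslookup output and reports whether a name was sinkholed, answered normally, or not answered at all. The three transcripts are constructed, using placeholder names under .invalid, the firewall at 192.168.0.1 as resolver and 10.0.0.1 as the virtual IP from this tutorial; the `live_check` function issues a real query and needs nslookup on the client.

```shell
#!/bin/sh
# Added example: classify an nslookup answer as sinkholed (blocked) or not.
# Transcripts below are constructed; resolver 192.168.0.1, DNSBL VIP 10.0.0.1.
SAMPLE_BLOCKED='Server:   192.168.0.1
Address:  192.168.0.1#53

Non-authoritative answer:
Name:     ads.example.invalid
Address:  10.0.0.1'

SAMPLE_ALLOWED='Server:   192.168.0.1
Address:  192.168.0.1#53

Non-authoritative answer:
Name:     www.example.invalid
Address:  203.0.113.10'

SAMPLE_NXDOMAIN='Server:   192.168.0.1
Address:  192.168.0.1#53

** server cannot find nosuch.example.invalid: NXDOMAIN'

# extract_answer: print the first answer address from nslookup output on stdin.
# The resolver's own "Address:" line carries "#53", so it is skipped.
extract_answer() {
    awk '/^Address:/ && $2 !~ /#/ { print $2; exit }'
}

# classify VIP: read nslookup output on stdin and print one word:
#   blocked  - the answer is the DNSBL virtual IP (the name was sinkholed)
#   allowed  - a real address came back
#   noanswer - no address at all (NXDOMAIN, timeout, ...)
classify() {
    answer=$(extract_answer)
    if [ -z "$answer" ]; then
        echo noanswer
    elif [ "$answer" = "$1" ]; then
        echo blocked
    else
        echo allowed
    fi
}

# live_check DOMAIN RESOLVER VIP: query the firewall and classify the reply.
# Needs nslookup on the client; not exercised by the offline samples.
live_check() {
    nslookup "$1" "$2" 2>/dev/null | classify "$3"
}

# Stand-alone run over the constructed transcripts.
for s in "$SAMPLE_BLOCKED" "$SAMPLE_ALLOWED" "$SAMPLE_NXDOMAIN"; do
    printf '%s\n' "$s" | classify 10.0.0.1
done
```

A "noanswer" result for a name you expect to be blocked usually means the client is not using the firewall as its resolver, or the DNSBL has not been reloaded since the list was changed, which are the two conditions the tutorial calls out.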
In day-to-day administration, administrators can keep tuning the configuration by adding more feeds or creating custom domain / IP lists. pfBlockerNG redirects every restricted domain name to the fake (virtual) IP address.
This concludes the walkthrough of how to install and configure pfBlockerNG in pfSense. I hope it has answered your questions; combining theory with practice is the best way to learn, so go and try it! If you want to keep learning, please continue to follow the website, where the editor will keep bringing you practical articles.