I set up pfBlockerNG about a year ago by following Tom's tutorial. After making some other changes to my firewall setup recently I decided to re-run pfBlocker's wizard just so I could start with a fresh config. This tutorial is still as spot-on as it was when Tom first made it. So I'm giving another tip of my hat to Tom for his outstanding guidance and thorough explanation of this package.
@AniketChakrabartyIndia 3 years ago
It's almost 1.5 years that I undoubtedly follow your tutorials for pfsense configuration, really good content and knowledge shared at its utmost form, thank you very much.
@zsteinkamp 1 year ago
Just wanna say thanks for the great info! I know it's a massive effort to put together all these videos. They've been such a help for me as I've gotten started with pfSense and TrueNAS over the last couple of weeks.
@LAWRENCESYSTEMS 1 year ago
Glad you like them!
@joevining2603 2 years ago
Been using this for a couple years and forgot to donate. Just signed up for the Patreon and I encourage others who have the means to do so as well. It's these developers who continue to push pfSense to the top.
@ashleykingston1980 3 years ago
Thanks for the guide Tom. Upgraded from 2.5 to 3.0. Sound advice as always.
@LAWRENCESYSTEMS 3 years ago
Great to hear!
@gh8447 4 years ago
Perfect timing! I installed this plug ages ago and was about to finally go and set it up.
@matthewbarnett3461 2 years ago
Best pfSense content ever. Thank you, your stuff has been a big help!
@PCTechHustle 3 years ago
Love it Tom! Always great detailed content for exactly what I am looking for, best PfSense tutorials on KZbin!
@LAWRENCESYSTEMS 3 years ago
Thank you
@kennethwilson1140 4 years ago
Tom, thanks for another great update it's much appreciated!
@RiggsTek 2 years ago
Thanks for this Tom, very complete and awesome explanations.
@mishudanco2426 3 years ago
Great video. Small request: can you please zoom in when you show what you do on screen? It would be much easier to see on the phone the details you show. Thanks👍
@geoff4009 3 years ago
It's important to note that pfBlockerNG won't work if you're running DNS Forwarder. I was getting address bind errors with unbound after running the setup wizard. To fix, I needed to disable DNS Forwarder and set up DNS Resolver instead. This might be obvious to many, but for a noob like me it took some time to work out the problem.
@HijmenSchilperoort 4 years ago
One of the first things I do when setting up pfblocker-ng is add the (public) DNS servers I use to the IP whitelist. For example; Some time ago the 1.1.1.1 was put on a blacklist :( I had to spend some time figuring out why internet was "dead" on every device in the entire network 🤬
@HijmenSchilperoort 3 years ago
@S K that is exactly how I have my setup. However, if a pfblocker ip blacklist contains the ip of the dns you use for the dns resolver then the dns resolver can not contact that external dns server and nothing in your network will be able to resolve external sites. I found this out the hard way :(
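The failure described in the two comments above (an IP feed that lists the upstream DNS server the resolver depends on) can be checked before a feed is enabled. This is an added example, not part of the comment thread or of pfBlockerNG; the feed contents, the resolver list and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample feed (plain IPs, CIDR ranges, '#' comments); not a real list.
SAMPLE_FEED = """\
# constructed sample feed
198.51.100.0/24
203.0.113.7
1.1.1.0/24   # range that happens to cover a public resolver
not-an-ip
2001:db8::/32
"""

# Upstream DNS servers the resolver depends on (assumed for this example).
RESOLVERS = ["1.1.1.1", "9.9.9.9", "2001:db8::53"]


def parse_feed(text):
    """Return (networks, rejected_lines) from a one-entry-per-line IP feed."""
    networks, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not entry:
            continue
        try:
            # strict=False accepts entries with host bits set, e.g. 1.1.1.1/24
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append(entry)
    return networks, rejected


def blocked_resolvers(resolvers, networks):
    """Map each resolver IP to the feed entries that would block it."""
    hits = {}
    for resolver in resolvers:
        addr = ipaddress.ip_address(resolver)
        matches = [str(net) for net in networks
                   if net.version == addr.version and addr in net]
        if matches:
            hits[resolver] = matches
    return hits


if __name__ == "__main__":
    nets, bad = parse_feed(SAMPLE_FEED)
    for resolver, entries in blocked_resolvers(RESOLVERS, nets).items():
        print(f"{resolver} is covered by {entries}: whitelist it or drop the feed")
    if bad:
        print("unparseable feed lines:", bad)
```

Any resolver reported here needs a whitelist entry before the feed is enabled, otherwise name resolution fails for the whole network as the commenter describes.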
@andreavergani7414 4 years ago
Thanks Tom. It's a lil of time that I want to start a pfblocker. Hope your guides can help me. Ciao
@bikes-hikes-travels8814 2 years ago
Tom, excellent information here, so I added it to my cybercentric T-channel (FlynnInfoSec1). As a recent NG6100 owner, it is nice to have such a great resource!
@gregwysocki8742 2 years ago
Always a great tutorial. Used it again after updating to a 4-port intel NIC from a 2-port...thanks!
@gerrymaddock9234 3 years ago
I see for North America you have it set for "Match Both". What does match both do?
@CandieyestudioCoUkPhotographer 4 years ago
Thanks Tom for the update, can we get an update on connecting Truenas to PfSense in LACP, please? Pref with a Netgear managed switch!!! lol
@miketarbox1190 4 years ago
I was hoping that you would hit on Unbound mode, whether through Unbound mode or through the Unbound Python mode, and what, if any changes need to be made. But good content as always Tom, and I thank you for putting this out.
@michaeljaques77 4 years ago
I was hoping for that as well, but I can understand if he doesn't as it's still listed as BETA. I just attempted changing to the "unbound python mode" and DNSBL broke in all sorts of ways so I just went back to "unbound mode" for now. Still works great!
@krypton8784 3 years ago
Finally I find something to block Ads. Thanks
@21language 3 years ago
Tom, I was watching your PfblockerNG video from 2019, and then I ran into the MaxMind error, then I searched for this video and bang, problem solved
@aborsic 2 years ago
Thank you for sharing this video which is super useful to anyone starting new to use pfSense / pfBlocker. I have a question: the GEO IP page suggests not blacklisting "the whole world" but to whitelist a few countries from which one is interested in receiving traffic. I believe the approach demonstrated in the video is the whole world blacklisting. If you provided instructions, or a dedicated video, on how to whitelist a few countries, that would be super! (simply a suggestion for consideration)
@jackv486 3 years ago
Thanks, for this explanation. I would appreciate that you would make a video explaining the lists you are using, and custom lists not found in the Feeds. Cheers
@Ace-qw2cq 2 years ago
Great video and thanks for the help. If you have VPN setup do you select openvpn for both inbound and outbound interfaces during the setup?
@freshness7114 3 years ago
Super helpful video, best one I've seen yet on pfBlocker. Many thanks!!
@ramoschico 3 years ago
Thank you very much for sharing knowledge. May God return you in much more ...
@fritzchristoph8670 3 years ago
Thank you Tom, your videos are awesome and I have learned so much... love my netgate 5100!!! (got it cheap...)
@JonBrookes 2 years ago
top banana. Common sense approach. Sensible application. Thanks for posting this.
Thank you very much for the great Information. You are awesome.
@verygoodbrother 2 years ago
Basically for newbies, leave settings as defaults which works for me.
@darius55508 2 years ago
Thank you, as always very good information
@chrisumali9841 3 years ago
Thanks for the demo and info, have a great day
@krinzyjewaldo1697 1 year ago
Great, especially the custom list
@technomad900 3 years ago
Nice introduction to PFblocker. I deployed it yesterday following this video, hoping to block websites, however many are still getting through. http versions of sites are blocked but https versions are returning. Any advice? (Using Shallalist, Already enabled TLD, Force reloaded, rebooted)
@dereksinkro1961 3 years ago
Thank you for the thorough explanation!
@sy5tem 1 year ago
ty for all the great info, and any site that i found that "you must unblock us to view content" is a big okay bye bye for me. i don't need them. lol
@garretts9529 2 years ago
Thank you for all your videos! I really want to buy a couple of your shirts like the crimp hand one, but they are black and I work outdoors mostly in texas :(
@gajotres 1 year ago
If anyone is having problems with MaxMind licence being rejected, just update pfBlockerNg to version 3.2.0_4.
@kamikazee2239 3 years ago
As always thanks for the video, your vids are always great!
@chacha7225 4 years ago
Best of the best as always.. thank you 🙏 for awesome videos!!
@JuanLopez-db4cc 4 years ago
As always excellent content. Thank you.
@Porcyln 1 year ago
Great tutorial! Thank you sir.
@Franchyze923 2 years ago
Very helpful! Thanks
@rogerjohnson8969 3 years ago
Thank you for making these videos!!
@TechMeOut5 3 years ago
Excellent stuff Lawrence!
@kennethnicklowicz1030 3 years ago
I am from michigan same area :P
@t0nkatsu 3 years ago
Hey Lawrence, I want to run pfSense but it has to be on a box with multiple 10GbE SFP+ slots. Know of any such commonly available hardware that can be used with pfSense?
@sufyankhanbest 3 years ago
How do I block all websites and allow only few websites to access from specific LAN IP's, and allow all websites on other IP's of LAN?
@nkerboute 4 years ago
Great video as always. Keep it up!
@chrislowe8085 2 years ago
When do we think v3 of pfblockng will be stable and not dev? thanks for all your pfsense videos they really help.
@neccron9956 3 years ago
Why in the GeoIP setting for North America, do you have it as Match Both vs Deny Inbound?
@rolson1011 4 years ago
I've been trying to allow a specific port forward to bypass the GeoIP lists. I can't seem to find a good resource for this latest version. Since you mentioned enabling floating rules, would I just add a new floating FW rule to the top of the list that allows that one port?
@crites57 4 years ago
Kind of off topic, but how did you get the selected check boxes in pfSense a different color? :-)
@BizAutomation 3 years ago
Wonder if there's a reason to run PFblocker together with the blacklist blocker on CloudFlare.
@fabiuzaum 4 years ago
Thank you. It helped a lot!
@ToxicwasteProductions 1 year ago
Can I have lan1 non filtered via pf blocker and have lan2 or opt filtered by pf blocker?
@cosminachim 3 years ago
This might be a dumb question. I apologize in advance but I still ask... So, I want to use pfSense to restrict my kids from accessing other domains that I want (those from school). Is that easily doable? Can you suggest anything?
@LAWRENCESYSTEMS 3 years ago
It does not do a great job of that, we usually recommend Untangle Firewalls for web site filtering.
@cosminachim 3 years ago
Untangle Firewalls has only paid option as far as I can see ... which for household looks expensive to me. Thank you for pointing me to the right direction.
@RyouConcord 2 years ago
Thank you!!
@arjayUU 2 years ago
It seems like with version 2.1.4_28 the wizard is gone. Also there is no Feed and IP tab. There is nothing set up for IPv4 as well as no lists in the Source Definitions. There are no DNSBL Groups and the EasyList is just blank. Is there a meaning to the Header/Label field for the URL of the list or can it be anything?
@mattcero1 3 years ago
Just because a webpage says they're a data analytics company it doesn't mean that "clearly" they're a data analytics company. It's just a web page son. I have a bridge for sale. Interested? Fantastic video though. This makes me want to stay with PFSense. You've got one of the lowest thumbs down ratios I've ever seen. Keep up the good work. Thank you.
@pierrepaniagua 2 years ago
I know this video is a year or so old, but after I go through the wizard for pfblockerng-devel 3.0.. I am only seeing 1 dnsbl group? In the video it looks like there's 3? Is this some sort of recent update or did I mess something up?
@dimitristsoutsouras2712 4 years ago
Please a quick elaboration on why in Firewall/pfBlockerNG/IP/GeoIP all rules have as action Deny inbound (so deny what comes from outside to the network according to my GeoIP rules which seems right as a choice) where in Firewall/pfBlockerNG/IP/IPv4 for all block lists the action is Deny outbound. It's like our network is the malicious one and prevents it from contaminated net :) Am I missing something here? Shouldn't all actions in both GeoIp and Blocklists set to Inbound than outbound????? What purpose serves the outbound? New Edit: hmmm.... probably block lists set to outbound in order to prevent the user/s to visit already known malicious sites .. so this traffic is considered to be outbound right?
@LAWRENCESYSTEMS 4 years ago
Yes, blocking outbound prevents internal systems from connecting to those IP's.
@JP-ei2jz 5 months ago
Hello, regarding the DNSBL VIP Address, if you have 2 pfsense firewalls syncing via XMLRPC, should that IP be different for each firewall or that doesn't matter since it's virtual?
@TaylorSwifty69 3 years ago
thank you!
@homeassistantiptv8068 3 years ago
Should the Action under PfBlockerNG\IP PRI1 be Deny Outbound or Deny Inbound?
@subzzeroevil 3 years ago
Cool needed this but some of the default feeds gone. Does anyone have new feeds that will replace the ones we lost?
@Sneksz 3 years ago
How would you add a range of IPs (ie cloudflare) to the whitelist? I'm having issues with the cloudflare proxy (orange cloud) not responding due to pfblocker.
@CampRusso 2 years ago
I like your minimalist approach to the DNSBL. I'm going to turn them all off for now. Have you or anyone found a list to block ads when browsing on mobile devices? 🤔
@LVang152 2 years ago
I have them on for a little bit but it blocks sites that are supposed to be working for work. I have to enable whitelist.
@1981SPL 3 years ago
dang, something broke in the latest update of PFB for me...when I try to go into the reporting section, I time out no matter what browser/pc etc.
@CoMmAnDrX 1 year ago
pfb_dnsbl pfBlockerNG DNSBL service shows disabled and when I click enable it doesn't start the service. Looked around and cannot find the answer for this issue.
@guidon.5413 2 years ago
I've looked at pfblockerng-devel a few times now and I just can't get it to not hog the CPU on my Netgate SG2100. The SG2100 normally sits at 95 to 98% idle in normal conditions on my home network, but with pfblockerng-devel enabled just after running through the Wizard and making no changes the router sits at 30 to 40% idle and gets a lot hotter to touch. I don't get it since there really isn't much going on in the network, the pihole does the same work using less than 1% CPU on a Raspberry Pi 4. I'd love to use pfblockerng, but given the strain it puts on the Netgate router, it's just not feasible. Am I doing something wrong there? Am I missing something?
@mrteausaable 3 years ago
I tried to only allow my computer IP to access without blocking but not working. I put rules on the top at Floating, WAN and LAN interface, still not working. I use your examples blocking the UDP 53(DNS). What did I do wrong?
@rpsmith 3 years ago
👍👍
@robertkennedy268 4 years ago
I've had issues with false positives using pfBlocker in the past. I ended up switching to pihole instead for its UI/ease of use as well. What are your thoughts on the two for a home user? Does it matter?
@LAWRENCESYSTEMS 4 years ago
You can use feeds from one in the other. I like having it all in my firewall without a separate device.
@SuperZeroon 2 years ago
Hello, I’m new to pfsense, and have pfBlockNG setup and working okay, but right now pfsense blocked Radarr for search or add new exiting movies. How can I whitelist Radarr?
@parl-88 4 years ago
Will it work on SG-1100 without any other plugins set, configured and enabled? I’m just concerned that the SG-1100 is too small to work with pfBlocker-NG. Can anyone confirm this please? Thanks.
@alk_dl 4 years ago
I was waiting for a mention of Unbound Python mode...the new of the 3 version
@Dankeller69 3 years ago
I am curious what the difference is between unbound and python mode...
@MrJetlag34 2 years ago
Thx for great video. Although I think it's pretty confusing :D NFL Game Pass android app (on tv), is getting ad-blocked when I want to start streaming a game, and then black screen. But I can't find out how to find the specific host to whitelist. :S
@mrteausaable 3 years ago
Floating Rule and LAN rule in the firewall, which one is evaluated first?
Any thoughts as to why fb isn't loading videos or video thumbnails on my wall? "Sorry, we're having trouble playing this video"
@LAWRENCESYSTEMS 3 years ago
No idea, just watch it on KZbin.
@TheJason13 3 years ago
@LAWRENCESYSTEMS I wanted to make sure it wasn't indicative of another issue, or if the block list(s) were blocking just that portion of fb. it shows the video on my phone, but not on my computer. weird.
@TheJason13 3 years ago
it seems to be working now. default blocklists are enabled and "deny both" is selected...
@vagtlsc4087 1 year ago
Hi I have a question about PfblockerNG. When I use Pi-Hole as a DNS blocker, I have the opportunity to see an active here and now updated log file that shows in color what is blocked and what is not blocked. I use a Netgate 4100 which I am very happy with, but am considering using PfblockerNG rather than Pi-hole. However, I really like the online log reading that is possible in Pi-Hole. Is it somehow possible to get the same information from my Netgate?
@LAWRENCESYSTEMS 1 year ago
pihole has better reporting.
@volodumurkalunyak4651 4 years ago
Can't believe you are still setting up ipv4-only firewall not a dual stack one, especially in USA
@itworks9445 3 years ago
I've tried mine working smoothly until I found out that it didn't work in https sites... The documentation says that it will also apply to https sites but it doesn't. Can you help me with my problem?
@perfect.stealth 3 years ago
ok so what exactly is the difference with _rep countries and non _rep countries?
@matthewswan1873 2 years ago
If things look off, it's because you downloaded the wrong package.... took me a while of fighting to figure out what was going on.
@prashantbanthia2720 3 years ago
Hello, can we configure webfilter on user groups on pfsense? if yes how?
@ksodhi 2 years ago
How does this compare against the PiHole project on the RPi?
@LAWRENCESYSTEMS 2 years ago
I don't use PiHole but they are similar
@kalbecharoliya6814 1 year ago
How can I customize DNSBL blocking page on PfblockerNg3?
@kushdeepsingh2221 3 years ago
I installed it and it works great except for some reason it is blocking Amazon app. Is there a way to fix this?
@jamesgrabatin5520 2 years ago
Time for an update... no more Wizard tab ;)
@benhvienakhoatrungtamangia4373 3 years ago
hello bro! I have range ip in route , so how to use pfblockng with range ip in static route
@pjg7472 2 years ago
Hey everyone, I have setup this as per the video instructions and cannot for the life of me get it to work correctly. Ads still come through.. Under rules, floating, the stats for the rule that pfBlocker created remain at 0/0 B Which appears to indicate that no traffic is flowing through/using this rule. I am at a bit of a loss what to do to rectify this, can anyone assist?
@b2rtechnologies 2 years ago
Hi, Can you please help with a query. Suppose we need to bypass a LAN side host for PFblockerNG then how it is possible. Pls, suggest.
@LAWRENCESYSTEMS 2 years ago
Assign a different DNS server.
@RidinWithMyLocsOn 3 years ago
What if you have a VPN? In Inbound/Outbound Firewall Rules - do I select WAN+VPN and LAN+VPN?
@LAWRENCESYSTEMS 3 years ago
LAN & VPN
@praveentadepalli1255 3 years ago
What type of support I may have if I purchase the Netgate device?
@LAWRENCESYSTEMS 3 years ago
www.netgate.com/support
@gtag174 3 years ago
I can't seem to find any rules in the Floating tab. What would be the reason?
@LAWRENCESYSTEMS 3 years ago
That is an option you have to enable under the IP settings.
@gtag174 3 years ago
@LAWRENCESYSTEMS Aren't they auto-generated when enabling 'Floating Rules'? How do I do them otherwise?
@allgood4u 3 years ago
I'm confused. What if I already have 3 LAN Address with IP's of 192.168.0.0, 10.0.0.0 & 172.16.0.0, what VIP Address can/should I add?
@chunkworthersby9321 3 years ago
Hopefully you already figured this out, but it would depend on what your subnet mask is. If you are using 192.168.0.0/24, then setting a VIP of 192.168.1.1 (as would anything between 1 and 253 in that 3rd octet) would be fine because it's not part of that subnet. Same thing if you are using 10.0.0.0/24, 10.10.10.1 like in the example would be fine. Your subnets define how your internal traffic is routed, so any private IP that is on a different subnet than what's already in use would be fine. If there's a conflict, you wouldn't be able to get to the VIP because your router would send that traffic to the interface responsible for that subnet instead of hitting the VIP.
@TK-le8wd 2 years ago
What if I setup Nord VPN on pfSense? Would that be my WAN port even though I still have a "Wan" port listed? My external Ip of course shows my true IP on the "WAN" interface.
@LAWRENCESYSTEMS 2 years ago
For outgoing blocking you would need to list all the gateways including NORD if you have it configured as such.
@TK-le8wd 2 years ago
@LAWRENCESYSTEMS Thank you sir!
@aleksitjvladica. 3 months ago
Mister Rossmann insists everybody using pfBlocker-NG yet it is very confusing. I am not using that, why is there not a simple button that I can click and instead all this text, I hate how people do it, it is not for public for if it is not available! Countless of pages of text and half an hour tutorial just to use a single button!