Blocking Websites for Free with pfSense

Blocking websites for free at home or in the office does not have to cost a fortune and can be possible if you are using pfSense for a router. There are several approaches and each has some flaws;

DNS Website Blocking

You can override external DNS by adding a redirect entry for the website you want to block, in actual fact this works with any solution and not just pfSense, you simply add the host you want to block for example and then give it an IP address that goes nowhere or you could redirect it to a page hosted somewhere inside your network information the user that the page has been blocked. In pfSense this can be done in the DNS forwarder which is available under the services menu.

The problem with this method is that firstly you are not stopping users from bypassing your block in any way and you are forced to maintain a block list manually, you can set your DNS servers to use opendns and then filter proxies etc out using opendns but it is still not a perfect solution. It is however one of the quickest ways to block a website, you can take it a step further as well and add null entries to the host file on your proxy servers if your client machines do not have alternative routes out.

Blocking Websites for free with pfSense

Firewall Website Blocking

Obviously the firewall itself can be used to block websites by adding rules to block or reject connections to the IP addresses of the websites you want to prevent access to however this solution has a major hole since many of the big websites use multiple servers or CDN connections making it a nightmare to maintain a block list or even get an entire list of the IP addresses. You can create an pfSense alias to use as a container for multiple IP addresses if you decide to go this route.

Transparent proxy filtering with Squidguard

The most effective way is to filter sites using squidguard or dansguardian since you will be able to filter not only based on fixed ips or hosts but rather by keywords or categories which is perfect if you want to block websites in a corporate environment. You can install squidguard via the packages menu in pfSense

Leave a Reply