In this guide, you will learn how to install and configure pfBlockerNG on your pfSense firewall. This tool serves as a powerful network-wide ad blocker, capable of filtering ads for all devices on your network, including tablets and mobile phones, by acting as a DNS sinkhole.
First, access your pfSense dashboard. We need to install the package from the system repository.
Navigate to System and then select Package Manager. By default, the "Installed Packages" list might be empty. Click on Available Packages to populate the list of installable tools.
Scroll down or search for "pfBlockerNG". You will likely see two versions: the standard version and the developer version. It is recommended to choose pfBlockerNG-devel as it is the currently active branch.
Click Install and then Confirm. The system will update its catalogs and complete the installation automatically.
Once installed, a new menu item will appear under the Firewall tab. Hover over Firewall and select pfBlockerNG to launch the setup wizard.
The wizard will guide you through a default configuration, setting up DNS Blacklists (DNSBL). This works by redirecting requests for known ad servers (like ads.cnn.com) to a fake IP address so the content never loads.
You will be asked to define your inbound and outbound interfaces:
The wizard will propose a Virtual IP (VIP) and port to run a small web server. This server displays a "blocked" page when a user tries to access a restricted site. If the default IP does not conflict with your network, simply click Next to finish the wizard.
Changes in pfBlockerNG often require a manual update to take effect immediately.
Navigate to the Update tab within the pfBlockerNG menu. Select Reload and click Run to trigger a synchronization of the blocklists.
The log will show "Update process ended" when complete.
Visit a website known for heavy advertising (e.g., speedtest.net). If ads are still appearing, it is likely due to caching.
If ads persist after installation, your browser or operating system may still be holding onto old DNS records.
For example, in Firefox, you can navigate to about:networking#dns and click Clear DNS Cache.
Often, the operating system itself caches DNS entries. The most reliable way to clear this is to reboot your client machine. After a reboot, visiting the same site should result in a much cleaner, ad-free experience.
You can also use pfBlockerNG to block specific websites manually.
Go to pfBlockerNG > DNSBL and select the DNSBL Groups tab. Locate the active group (often named "Ads_Basic" or similar) and click the Edit (pen icon) button.
Scroll down to the DNSBL Custom_List section. Click the + sign to expand the input field. Enter the domain you wish to block (e.g., example.com) and click Save.
Navigate back to the Update tab and run a force update again to apply the new custom rule. Once the update is complete and caches are cleared, attempting to visit the blocked domain will result in a warning page indicating the site has been blocked by the network administrator.