Ad Blocking with pfSense Software

The Federal Bureau of Investigation (FBI) is recommending ad blockers as a protective measure against online scams, according to a public service announcement. The agency's Internet Complaints Department has alerted the public that ad-blocking extensions can help guard against fraudulent online advertisements that mimic real brands and businesses and appear in search results. These deceptive ads often contain links to fake websites or malicious software designed to steal users' login credentials or financial information.

By endorsing ad blockers, the FBI acknowledges the increasingly dangerous online advertising environment, characterized by an ongoing battle between online ad sellers like Google and cybercriminals creating numerous accounts to bypass security systems when purchasing ads.

Despite constant monitoring and verification processes to detect scam ads, some fraudulent ones continue to slip through the nets of big tech companies. A report by Malwarebytes noted that cybercriminals were creating fake search ads impersonating well-known platforms such as YouTube, Amazon, and Facebook. 

The FBI's safety recommendations, in line with advice from the UK's Trading Standards, include checking the authenticity of an ad by scrutinizing the URL for typos and other errors, and manually entering the full website address of businesses and financial institutions when searching for them. 

The rest of this blog post will discuss how ad blockers work, why people use them, and how you can easily set one up yourself. Notably, US security agencies, including the National Security Agency (NSA), Central Intelligence Agency (CIA), and the FBI, are already using network-based ad-blocking technologies.

What is an Ad Blocker?

An ad blocker, as the term implies, is a tool designed to obstruct the display of advertisements on web pages and various forms of digital content.

How do Ad Blockers Work?

Ad blockers operate on two primary levels: script and DNS. Script-level ad blockers intercept HTTP requests and scrutinize the page's HTML, CSS, and JavaScript code for components that correspond to recognized patterns of online ads. If the ad blocker identifies an advertisement component, it has the ability to block the HTTP request to the advertisement server.

An alternative method is to filter responses at the DNS level to block ads based on hostnames and domains. This method involves rerouting DNS requests for known advertisement-serving domains either to a block page or a vacant IP address. It's important to note that DNS filtering transpires at the network level.
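The decision a DNS-level filter makes for each query can be sketched as follows. This is an added example, not pfBlockerNG's or Netgate's code; the sample list, the `0.0.0.0` sinkhole address, the parent-domain matching rule and the allowlist override are assumptions made for illustration.

```python
"""Illustrative DNS-level filter: decide how a resolver answers a query."""

# Constructed sample blocklist in the common hosts-file format.
SAMPLE_BLOCKLIST = """\
# constructed sample entries, not a real feed
0.0.0.0 ads.example.net
0.0.0.0 tracker.example.org
127.0.0.1 Banner.Example.com   # trailing comment
"""

SINKHOLE_IP = "0.0.0.0"  # assumed "vacant" address returned for blocked names


def parse_hosts_blocklist(text):
    """Return the set of lower-cased hostnames listed in hosts-format text."""
    blocked = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        # A valid entry is "<address> <hostname> [more hostnames...]".
        for name in fields[1:]:
            blocked.add(name.lower().rstrip("."))
    return blocked


def matching_entry(qname, names):
    """Return the entry equal to qname or a parent domain of it, else None."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in names:
            return candidate
    return None


def answer_query(qname, blocked, allowed=frozenset()):
    """Return (action, address): sinkhole blocked names, forward the rest."""
    if matching_entry(qname, allowed):
        return ("forward", None)          # allowlist wins over blocklist
    if matching_entry(qname, blocked):
        return ("sinkhole", SINKHOLE_IP)  # client connects to nothing
    return ("forward", None)              # resolve normally upstream


BLOCKED = parse_hosts_blocklist(SAMPLE_BLOCKLIST)
```

Because the only input is the queried name, an ad served from the same hostname as the page itself is always forwarded; the filter has nothing else to distinguish it by.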

Why do People Use Ad Blockers?

There are various motivations for individuals to use ad blockers. Predominantly, people choose to block ads to avoid exposure to intrusive or irrelevant advertisements. Faster page loading is another reason people might choose to use ad blockers. Furthermore, as highlighted by the FBI, increasing numbers of individuals are adopting ad blockers to safeguard their privacy and bolster online security.

Advantages of Blocking Ads At The Network Level

DNS-level ad-blockers present a robust and expansive solution. Rather than limiting their capabilities to blocking ads within the bounds of a browser, they extend their coverage to encompass mobile applications, smart TVs, and the myriad of Internet of Things (IoT) devices. In essence, these ad-blockers operate across the entirety of your network, going beyond the singular confines of your computer's browser and providing a more comprehensive ad-blocking strategy.

There's also additional ease-of-use that comes with network-level ad-blockers. Unlike browser-based ad-blockers which require individual setup on each device, network-based ad-blockers are managed centrally within the network. This allows for a single point of control for all devices and simplifies the process, especially when multiple devices are involved. The benefit is a substantial saving of time and effort, since there's no need to individually configure the ad-blocking settings for each device. 

While network-level ad blockers have advantages over browser-level blockers, there's no reason to choose one over the other. Instead, users can stack both solutions to maximize protection against dangerous ads. One reason to pair network-based and browser-based ad blockers is that browser-based solutions can filter elements based on more than the domain name alone. This means that ads served from the same domain as the website being accessed can also be hidden from the end user.

pfBlockerNG for Ad Blocking

When it comes to network-level ad blocking, one of the most reliable and efficient tools at your disposal is pfBlockerNG. This package is specifically designed to offer a shield against the multitude of online threats lurking behind each page and ad.

Developed as a versatile package of pfSense software, pfBlockerNG serves as an integral line of defense in the cyber world. It takes a proactive approach to blocking intrusive ads, web tracking applications, and harmful elements such as malware and ransomware. It accomplishes this through an advanced system of DNS blocking, thwarting potential threats right at their source.

Features include:

  • Geographical/Country Blocking
  • IP Blocklist features
  • Dashboard widget
  • XMLRPC Sync
  • Lists update frequently
  • Many options to choose what to block and how to block
  • Network lists may be used for custom rules

How do I get pfBlockerNG?

The best way to use pfBlockerNG is to purchase Netgate hardware, which comes with pfSense Plus software. The set-up process is straightforward, thanks to user-friendly documentation. 

For more information on how to set up pfBlockerNG and pfSense software, click the links below: 

Get It Now

Frequently Asked Questions: Ad Blocking with pfSense Software

Does pfSense have an ad blocker?

Yes, pfSense supports ad blocking through pfBlockerNG, a powerful package that provides network-level ad blocking capabilities. pfBlockerNG is specifically designed for pfSense and offers comprehensive protection against ads, malware, and tracking across your entire network.

What is pfBlockerNG and is it worth it?

pfBlockerNG is a versatile package for pfSense that provides network-wide ad blocking, security features, and threat protection. It's worth implementing because it offers:

  • Network-level protection that covers all devices
  • Geographical and country-based blocking
  • IP blocklist capabilities
  • Regular list updates
  • Custom rule creation
  • Protection against malware and ransomware
  • XMLRPC synchronization
  • Convenient dashboard widget

How do I install and configure pfBlockerNG on pfSense?

To install and configure pfBlockerNG:

  1. Purchase Netgate hardware with pfSense Plus software
  2. Access the package manager in pfSense
  3. Install the pfBlockerNG package
  4. Configure DNS blocking settings
  5. Select and implement desired blocklists

For detailed installation instructions, refer to the official pfBlockerNG documentation or Netgate pfBlockerNG Discussion Forum.

How does network-wide ad blocking compare to browser-based solutions?

Network-wide ad blocking through pfSense offers several advantages over browser-based solutions:

  • Protects all devices on the network without individual configuration
  • Blocks ads in mobile apps and IoT devices
  • Provides centralized management
  • Offers more comprehensive security features

However, using both network-level and browser-based ad blockers together provides maximum protection, as browser-based solutions can filter elements based on more than just domain names.

How do I test if pfBlockerNG is working correctly?

To test pfBlockerNG:

  1. Enable DNS blocking in pfBlockerNG
  2. Visit known ad-serving domains
  3. Check the pfBlockerNG logs for blocked requests
  4. Monitor the dashboard widget for blocking statistics
  5. Use online ad blocking test tools to verify effectiveness
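The check can also be run from a client by resolving names instead of browsing to them. The script below is an added example, not part of pfBlockerNG; the sinkhole addresses (including the placeholder block-page IP `10.10.10.1`) and the domain names are assumptions to replace with your own settings and list entries.

```python
import socket

# Assumed sinkhole answers: null addresses plus a placeholder block-page IP.
# Replace with what your DNSBL is configured to return for blocked names.
SINKHOLES = frozenset({"0.0.0.0", "::", "10.10.10.1"})


def system_resolve(name):
    """Resolve through this host's configured DNS; empty list if no answer."""
    try:
        infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def verdict(answers, expect_blocked, sinkholes=SINKHOLES):
    """Classify one lookup result against what the blocklist should do."""
    if not answers:
        return "no-answer"            # NXDOMAIN or resolver unreachable
    sunk = all(a in sinkholes for a in answers)
    if expect_blocked:
        return "blocked" if sunk else "NOT-BLOCKED"
    return "over-blocked" if sunk else "resolves"


def check_dnsbl(blocked_names, control_names, resolve=system_resolve):
    """Return {name: verdict} for listed names and for control names."""
    report = {}
    for name in blocked_names:
        report[name] = verdict(resolve(name), expect_blocked=True)
    for name in control_names:
        report[name] = verdict(resolve(name), expect_blocked=False)
    return report


if __name__ == "__main__":
    # Constructed names: substitute entries from a list you enabled.
    for name, result in check_dnsbl(["ads.example.net"], ["example.com"]).items():
        print(f"{name:30} {result}")
```

A `NOT-BLOCKED` result on a listed name usually means this client is not using the firewall's resolver; an `over-blocked` control name is a candidate for the whitelist.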

What are the DNS-related features in pfBlockerNG?

pfBlockerNG includes robust DNS-related features:

  • DNS-level filtering of ad domains
  • Custom DNS blocklists
  • Integration with unbound DNS resolver
  • DNSBL (DNS Block List) capabilities
  • TLS/SSL inspection options
  • Domain name filtering
  • DNS request monitoring

How does pfBlockerNG compare to Pi-hole?

While both pfBlockerNG and Pi-hole provide network-level ad blocking, pfBlockerNG offers additional benefits:

  • Integrated firewall functionality
  • Advanced security features
  • Built-in geographical blocking
  • IP-based filtering
  • Direct integration with pfSense
  • More extensive customization options

Can pfBlockerNG block ads on mobile devices and smart TVs?

Yes, pfBlockerNG blocks ads on all devices connected to your network, including:

  • Mobile phones and tablets
  • Smart TVs and streaming devices
  • IoT devices
  • Gaming consoles
  • Any device using your network's DNS services

How do I whitelist domains in pfBlockerNG?

To whitelist domains:

  1. Access the pfBlockerNG configuration
  2. Navigate to the DNSBL whitelist section
  3. Add specific domains you want to allow
  4. Apply the changes
  5. Force update your lists

What security benefits does pfBlockerNG provide beyond ad blocking?

pfBlockerNG enhances network security by:

  • Blocking known malware domains
  • Preventing access to phishing sites
  • Filtering suspicious IP addresses
  • Implementing country-based blocking
  • Protecting against ransomware
  • Monitoring and logging security threats
  • Providing real-time threat protection