snork.ca ... making kittens cry since 2001
homeabouttoscanaryrssmansvalidatecontact

Update: More Ad-Blocking With pfSense 2017-07-31


This post is pretty outdated by now and I wouldn't be surprised if pfSense has better ways to do this now. However, I also wouldn't be surprised if the procedure were still useful for someone today for similar pfSense config tasks... so I am moving it to the new and improved snork.ca eh (and adding a picture of a CloudAtCost failure).

Update: More Ad-Blocking With pfSense 2015-09-19


Someone named "brighttech" sent me these updated instructions for pfSense v2.2. His/her website was apparently http://www.brighttech.co.nz/ but that just forwards to login.microsoftonline.com now.

ONE

pfsense V2.2 doesn't natively include the "wget" command, but, does natively include "fetch". Thus, minor tweaks, adjusted the script "mvphosts_update.sh" to use the fetch command and thus you don't need to try and install the "wget" package. See FOUR below for the script.

TWO

Also note, in pfsense v2.2 the "/usr/local/etc/dnsmasq.conf" is unlikely to exist, and thus, like creating the "mvphosts_update.sh" you will need to create the dnsmasq.conf file with the save command and not edit.

THREE

The "DNS Resolver" is now the default DNS helper in pfsense, go ahead and untick the enable box and then using the pfsense web GUI go into the "DNS forwarder" (which is dnsmasq, what we need for this to work) and check enable. Do it that order, DNS Forwarder cannot start is DNS Resolver is running, they essentially do the same thing anyway.

FOUR – the updated script.

#!/bin/sh
cd /usr/local/etc
/bin/rm mvp_hosts.txt
/usr/bin/fetch http://winhelp2002.mvps.org/hosts.txt -o /usr/local/etc/mvp_hosts.txt
/usr/bin/killall dnsmasq
/usr/local/sbin/dnsmasq

This works great for me!

More Ad-Blocking With pfSense 2014-01-23


So I received a comment on this post tonight from someone named Knyte about wanting to use the MVPHosts file with pfSense. I admit that although I used to use this hosts file a long time ago, I stopped using it because I didn't want to figure out how to convert it for use with dnsmasq/pfSense. I'm really glad Knyte made the comment because I think I found a pretty easy solution (that doesn't even require enabling ssh)! Here's the plan:

Make sure your pfSense box has wget. Go to GUI -> Diagnostics -> Command Prompt and type this in the box called "Execute Shell command" (you may get an error message that it is already installed).

pkg_add -r wget

Make a script to update the MVPHosts file by going to GUI -> Diagnostics -> Edit File and give it this filename:

/usr/local/bin/mvphosts_update.sh

Hit save to create the file and then populate it with this content:

#!/bin/sh
cd /usr/local/etc
/bin/rm mvp_hosts.txt
/usr/local/bin/wget http://winhelp2002.mvps.org/hosts.txt -O mvp_hosts.txt
/usr/bin/killall dnsmasq
/usr/local/sbin/dnsmasq

Then hit save again to actually save it. Now make the script executable by going to GUI -> Diagnostics -> Command Prompt and run this command:

chmod 755 /usr/local/bin/mvphosts_update.sh

Now tell dnsmasq to use the new hosts file by going to GUI -> Diagnostics -> Edit File and edit the "/usr/local/etc/dnsmasq.conf" file. Add a line to it that says the following (and hit save of course).

addn-hosts=/usr/local/etc/mvp_hosts.txt

Next you'll want to tell cron to do the update now and then. Check that cron is installed by going to GUI -> System -> Packages and add it if it isn't installed. Then manage cron by going to GUI -> Services -> Cron and create an entry with these parameters (or at least something that seems sane):

minute: 59
hour: 3
mday: *
month: *
wday: 0
who: root
command: /usr/local/bin/mvphosts_update.sh

Now enjoy some crap-free browsing. You could make your updates more frequent, but I think once a week is probably plenty. I guess it would also be possible to build a little fault tolerance in to the script if you were so inclined. Thanks Knyte for giving me an excuse to go do this!

cac_dead CloudAtCost's brutal business model at work.


Made using Notepad++ & FastStone. Hosted on Debian with nginx & php. Powered by North Korean mushrooms.