Malware Patrol provides block lists compatible with pfBlockerNG, a package for pfSense version 2.x that allows the usage of custom block list, IP filtering, and country block functionalities.
Instructions
You can follow these simple steps to configure your pfBlockerNG to filter malicious URLs and protect the internal network, computers and users from getting infected by malware and ransomware.
1) Log in to pfSense GUI.
2) Choose System > Package Manager.
3) Choose Available packages then scroll down to pfBlockerNG and clock Save.
4) Once the package is installed, choose Firewall > pfBlockerNG.
5) On the General tab, enable the following options:
-
Enable pfBlockerNG
-
De-Duplication
-
CIDR Aggregation
-
Suppression
-
Global Logging (optional)
You may also need to adjust Interface/Rules Configuration depending on your set up.
6) Choose DNSBL from the pfBlockerNG menu. Check Enable DNSBL. And under IP Firewall Rule Setting select Deny Outbound. Click Save.
7) Click DNSBL Feeds then click +Add.
8) Enter Malware Patrol as the DNS GROUP Name.
9) Under DNSBL Source enter your URL for the Plain Text – Aggressive block list provided by Malware Patrol. The address can be found by logging in to your account with Malware Patrol. Enter a label, MP-Aggressive for example and click +Add.
10) Repeat step 9 for the Plain Text – Aggressive block list for Ransomware (optional).
11) Set List Action to Unbound and Update Frequency to Every hour (for Malware Patrol Premium members only). Click Save.
12) Click Save.
13) Choose Update from the pfBlockerNG menu. Select the Select Force optionand mark Update, then click Run.
14) The logs should present messages similar to the following:
If you experience any difficulties configuring pfBlockerNG with Malware Patrol’s block lists, please make sure it is working properly and contact our tech support at support (@) malwarepatrol.net.
Our special thanks to F34RInc for helping put together this how-to.