Malware Patrol provides block lists compatible with pfBlockerNG, a package for pfSense version 2.x that allows the usage of custom block list, IP filtering, and country block functionalities.
You can follow these simple steps to configure your pfBlockerNG to filter malicious URLs and protect the internal network, computers and users from getting infected by malware and ransomware.
1) Log in to pfSense GUI.
2) Choose System > Package Manager.
3) Choose Available packages then scroll down to pfBlockerNG and clock Save.
4) Once the package is installed, choose Firewall > pfBlockerNG.
5) On the General tab, enable the following options:
Global Logging (optional)
You may also need to adjust Interface/Rules Configuration depending on your set up.
6) Choose DNSBL from the pfBlockerNG menu. Check Enable DNSBL. And under IP Firewall Rule Setting select Deny Outbound. Click Save.
7) Click DNSBL Feeds then click +Add.
8) Enter Malware Patrol as the DNS GROUP Name.
9) Under DNSBL Source enter your URL for the Plain Text – Aggressive block list provided by Malware Patrol. The address can be found by logging in to your account with Malware Patrol. Enter a label, MP-Aggressive for example and click +Add.
10) Repeat step 9 for the Plain Text – Aggressive block list for Ransomware (optional).
11) Set List Action to Unbound and Update Frequency to Every hour (for Malware Patrol Premium members only). Click Save.
12) Click Save.
13) Choose Update from the pfBlockerNG menu. Select the Select “Force” optionand mark Update, then click Run.
14) The logs should present messages similar to the following:
Our special thanks to F34RInc for helping put together this how-to.