This open source project is free to use and distribute, which lowers licensing costs as compared with Cisco ASA's, Sonicwalls, etc. Following are some of the useful functions of Pfsense:

- Firewall
- Multiple Internet connections with load balancing
- WiFi
- VLANs (801.1Q)
- Failover groups
- FreeRadius: VPN, IPsec, OpenVPN, PPTP
- DHCP server & relay
- Proxy Server: Squid, SquidGuard (URL filtering), lightsquid
- Sniffer packets capture
- Snort
- Country Block
- HAVP: scan HTTP traffic for virus
- pfblocker: automatically update from i-blocklist of C.I. Army

Installation notes:
- To allow Pfsense to automatically update, goto System:Firmware:Settings:Updater_Settings to set Firmware Auto Update URL to

Squid3 Ad Blocking Document source

1. Go to Services > Proxy Filter. Click on the Blacklist tab and put the following in the empty field and click Download:
2. Click on the Target categories tab and add an Alias. I named mine 'Ads' for obvious reasons. In the Domain list field, paste the domain list below. Set the Redirect mode to int blank image and click Save.

3. Click on the Common ACL tab and expand the Target rule list. Deny all the categories you deem inappropriate, including the 'Ads' alias we created earlier (this would typically be the first on the list). IMPORTANT. Be sure to select Allow on the last entry called Default access or all traffic will be blocked, then click Save.

4. Click on the General settings tab and tick on Clean advertising under Misc. Go further down and also put a tick on Blacklist. Paste the URL you used in step #1 above in the Blacklist URL field then click Save.

5. On the same tab, you will need to enable or cycle SquidGuard (disable then back to enable) using the tick and Apply button. Remember to cycle this whenever you change anything in SG or the changes won't work until you cycle it or you restart pfSense.

6. VoIP: net.inet.ip.fastforwarding will break ipsec tunnels. It should only be used when VoIP is behind the firewall.

Leave a Reply

Your email address will not be published. Required fields are marked *