Ad-blocking in pfSense with DNSBL

I’m already a big fan of the browser extensions uBlock Origin (ad-blocking) and Ghostery (anti-tracking), but was looking to accomplish some (if not all) of what they do in a seamless way in pfSense. This will be a work in progress, but using DNSBL in pfSense I’ve begun by utilizing the following block lists:

All lists that are incorporated into Pi-hole by default:

##StevenBlack’s list
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts

##MalwareDomains
https://mirror1.malwaredomains.com/files/justdomains

##Cameleon
http://sysctl.org/cameleon/hosts

##Zeustracker
https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist

##Disconnect.me Tracking
https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt

##Disconnect.me Ads
https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt

##Hosts-file.net
https://hosts-file.net/ad_servers.txt

uBlock Origin:

##uBlock Filters Plus
https://raw.githubusercontent.com/IDKwhattoputhere/uBlock-Filters-Plus/master/uBlock-Filters-Plus.txt

For initial testing purposes I completely disabled all browser extensions and browsed to a few different major news sites to measure effectiveness.

This was the before.

And after.  So it looks pretty promising so far.  I then tried CNN, HuffPost, FoxNews, and several others and started running into some hiccups.

These ads are being blocked, but the site code drawing out the area before the ads are loaded still remains as a remnant. I think there will still be a place for using uBlock Origin in the browser, as it does add the added functionality of blocking the site code for these entirely and “cleaning up” the site. So absolutely not a 100% solution, but still a good one, and especially so to block ads on mobile/etc. where ad-blocking may not be available or as easy to implement.

**************************************************************************
Updates & Changes (9/10/2017): 

As you can see from this screenshot of firewall logs:

The uBlock filter has not yet blocked any traffic, and the bulk of it has been covered by the Steven Black list. I’ll continue monitoring this for a week or two, but it’s entirely possible I may be able to remove the list entirely.

So far I’ve only had to whitelist one item that was breaking functionality in apps or websites:

.ws-na.amazon-adsystem.com  // Amazon app (android) won’t load properly with this blocked
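
An added example (not part of the original post and not pfSense code): one way to check offline how many DNS-blockable domains a list contributes beyond the lists already loaded, before deciding to drop it. The function names, the constructed sample list bodies and the reading of a leading dot in a whitelist entry as "domain plus subdomains" are assumptions of this example.

```python
import re
# Hostname shape: dot-separated labels, TLD starting with a letter (rejects bare IPs).
_DOMAIN = re.compile(r"^(?:[a-z0-9_](?:[a-z0-9_-]{0,61}[a-z0-9_])?\.)+[a-z][a-z0-9-]{1,62}$")
_SINKS = {"0.0.0.0", "127.0.0.1", "::", "::1"}  # hosts-file sinkhole addresses
_LOCAL = {"localhost", "localhost.localdomain", "local", "broadcasthost"}

def extract_domains(text):
    """Return the DNS-blockable domains in a list body (hosts, plain-domain or ||domain^ lines)."""
    domains = set()
    for raw in text.splitlines():
        # Strip a trailing comment only after whitespace, so "site.example##.ad" stays one token.
        line = re.split(r"\s+#", raw.strip(), maxsplit=1)[0].lower()
        if not line or line[0] in "#![":
            continue
        fields = line.split()
        if fields[0] in _SINKS:  # hosts format: address, then hostnames
            candidates = fields[1:]
        elif len(fields) == 1 and line.startswith("||") and line.endswith("^"):
            candidates = [line[2:-1]]  # Adblock-style whole-domain rule
        else:  # plain domain, or a cosmetic/URL rule that fails the hostname check below
            candidates = fields if len(fields) == 1 else []
        domains.update(c for c in candidates if c not in _LOCAL and _DOMAIN.match(c))
    return domains

def apply_whitelist(domains, whitelist):
    """Drop whitelisted names; a leading dot is read as 'domain plus subdomains' (assumption)."""
    return {d for d in domains
            if not any(d == w.lstrip(".") or (w.startswith(".") and d.endswith(w)) for w in whitelist)}

def unique_contribution(candidate, others):
    """Domains only `candidate` supplies; an empty set means it adds nothing at the DNS layer."""
    return candidate - set().union(*others)

# Constructed sample list bodies, not real list contents.
HOSTS_LIST = """# hosts-format sample
0.0.0.0 ads.example  # inline comment
0.0.0.0 track.example
0.0.0.0 ws-na.amazon-adsystem.com
"""
FILTER_LIST = """[Adblock Plus 2.0]
||ads.example^
news.example##.ad-banner
/banners/*$image
||track.example^$third-party
"""

if __name__ == "__main__":
    base = apply_whitelist(extract_domains(HOSTS_LIST), [".ws-na.amazon-adsystem.com"])
    print(len(base), sorted(unique_contribution(extract_domains(FILTER_LIST), [base])))
```

Run against the downloaded list files instead of the samples, an empty `unique_contribution` result for a list means every domain it could block over DNS is already supplied by the others.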