Firewall, Alias, add new alias, call it Spotify, add the (Hosts) IP ranges assigned to Spotify, then create a fw rule to block traffic destined to the alias; that should do it. Then you just need to keep an eye on the Spotify IP ranges for changes or additions.

Maybe with the Snort package in pfSense, but afaik pfSense does not identify apps by default. You could block ports like 1194, which is the default for OpenVPN, but the easy workaround is to put that on a different port.

Pandora/Spotify/Last.FM need to be removed from the Squid cache. I would remove Snort/Squid and see if that helps out. On a side note, I made a separate VLAN for Sonos/Roku/Amazon Fire TV bypassing Squid entirely. And set up Avahi.

Securely Connect to the Cloud Virtual Appliances. Netgate’s ® virtual appliances with pfSense ® software extend your applications and connectivity to authorized users everywhere, through Amazon AWS and Microsoft Azure cloud services. Network your employees, partners, customers, and other parties to share resources in site-to-cloud, cloud-to-cloud, and virtual private cloud (VPC) connectivity.
I’m already a big fan of the browser extensions uBlock Origin (ad-blocking) and Ghostery (anti-tracking), but was looking to accomplish some (if not all) of what they do in a seamless way in pfSense. This will be a work in progress but using DNSBL in pfSense I’ve begun by utilizing the following block lists:
All lists that are incorporated into pi-hole by default:
##StevenBlack’s list
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
##MalwareDomains
https://mirror1.malwaredomains.com/files/justdomains
##Cameleon
http://sysctl.org/cameleon/hosts
##Zeustracker
https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist
##Disconnect.me Tracking
https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
##Disconnect.me Ads
https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
##Hosts-file.net
https://hosts-file.net/ad_servers.txt
uBlock Origin:
##uBlock Filters Plus
https://raw.githubusercontent.com/IDKwhattoputhere/uBlock-Filters-Plus/master/uBlock-Filters-Plus.txt
For initial testing purposes I completely disabled all browser extensions and browsed to a few different major news sites to measure effectiveness.
This was the before.
And after. So it looks pretty promising so far. I then tried CNN, HuffPost, FoxNews, and several others and started running into some hiccups.
These ads are being blocked, but the site code drawing out the area before the ads are loaded still remains as a remnant. I think there will still be a place for using uBlock Origin in the browser, as it does add the functionality of blocking the site code for these entirely and “cleaning up” the site. So absolutely not a 100% solution, but still a good one, and especially so to block ads on mobile/etc. where ad-blocking may not be available or as easy to implement.
**************************************************************************
Updates & Changes (9/10/2017):
As you can see from this screenshot of firewall logs:
The uBlock filter as of yet has not blocked any traffic, the bulk of which has been covered by the Steven Black list. I’ll continue monitoring this for a week or two, but it’s entirely possible I may be able to remove the list entirely.
So far I’ve only had to whitelist one item that was breaking functionality in apps or websites:
.ws-na.amazon-adsystem.com // Amazon app (android) won’t load properly with this blocked
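One way to check how much each list adds before enabling it is to normalize the feeds offline and count what is new per list. The sketch below is an added example, not part of the original post and not pfSense or pfBlockerNG code; the feed contents are constructed samples, and treating a leading dot in a whitelist entry as "this domain and all subdomains" is an assumption of the example.

```python
import re

# Constructed sample feeds (not real list contents), one per syntax used by the lists above.
FEEDS = {
    "StevenBlack": "# hosts syntax\n0.0.0.0 ads.example.com\n0.0.0.0 track.example.net\n127.0.0.1 localhost\n",
    "Disconnect.me Ads": "ads.example.com\nm.ws-na.amazon-adsystem.com\n",
    "uBlock Filters Plus": "! adblock syntax\n||track.example.net^\nexample.org##.ad-banner\n||cdn.example.io^$third-party\n",
}
WHITELIST = [".ws-na.amazon-adsystem.com"]  # assumption: leading dot covers all subdomains

DOMAIN = re.compile(r"^(?:[a-z0-9_](?:[a-z0-9_-]{0,61}[a-z0-9_])?\.)+[a-z]{2,63}$")
ADBLOCK_HOST = re.compile(r"^\|\|([a-z0-9._-]+)\^$")  # only unconditional ||host^ rules
IP = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$|^::1?$")

def parse(text):
    """Return the hostnames a DNS blocker can act on from one feed."""
    found = set()
    for raw in text.splitlines():
        line = raw.strip().lower()
        if not line or line[0] in "#!" or "##" in line or "#@#" in line:
            continue  # comments and element-hiding rules have no DNS equivalent
        line = line.split("#", 1)[0].strip()  # trailing hosts-file comment
        m = ADBLOCK_HOST.match(line)
        fields = [m.group(1)] if m else line.split()
        if len(fields) == 2 and IP.match(fields[0]):
            fields = fields[1:]  # hosts syntax: drop the sink address
        if len(fields) == 1 and DOMAIN.match(fields[0]):
            found.add(fields[0])
    return found

def whitelisted(domain, whitelist=WHITELIST):
    """True if the domain is exempted by an exact or leading-dot entry."""
    for entry in whitelist:
        if entry.startswith("."):
            if domain == entry[1:] or domain.endswith(entry):
                return True
        elif domain == entry:
            return True
    return False

def merge(feeds):
    """Merge feeds in order; report how many new domains each one contributes."""
    seen, report = set(), {}
    for name, text in feeds.items():
        new = {d for d in parse(text) if not whitelisted(d)} - seen
        report[name] = len(new)
        seen |= new
    return sorted(seen), report
```

A list that reports zero new domains after the earlier ones are merged is a candidate for removal, and adblock rules with options or element-hiding selectors never reach the DNS blocklist at all.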