
While the interface may not be as pretty, you can do the same thing if you're running pfsense using the pfblocker-ng package: https://docs.netgate.com/pfsense/en/latest/packages/pfblocke... You can also do geo-based IP blocking.

Combined with pfsense's recursive resolver (unbound), it makes for a pretty great home dns setup.



I know some of these words. [cries in not being network-admin educated]

Jokes aside, I'd love a blog post on this. Seriously. Very likely to apply the knowledge as well.


I would suggest starting with the pfsense documentation. It's great!


this is not for the faint-hearted!

Pi-hole is to pfBlocker as a Raspberry Pi is to a custom-built router


I am considering pfsense for my homelab setup - can you easily troubleshoot issues and whitelist addresses if you need to?


I recommend opnsense [0] over pfsense. I ran pfsense for 5 years and it is great, but there was some bad blood [1] between the two projects and the community.

[0] https://opnsense.org/

[1] https://teklager.se/en/pfsense-vs-opnsense/


Your [1] doesn't seem to have been updated for recent events, so:

- pfSense CE is an EOL product (and its replacement Plus is closed source). https://news.ycombinator.com/item?id=26479725 / https://news.ycombinator.com/item?id=27775408

- The Wireguard fiasco. https://news.ycombinator.com/item?id=30719403


I am aware of opnsense, and while e.g. the GUI looks cleaner and it seems to have more plugins, when I started checking it more in depth I think that pfsense has more thorough documentation, and things like traffic shaping, which I plan to implement, seem to be way easier on pfsense

also have you done migration between the two? if so, how hard was it?


> have you done migration between the two? if so, how hard was it?

I tried the auto-migration in OPNsense (backup from PFsense, restore to OPNsense) a couple times. Both times it got it mostly right, but whatever it got wrong blocked pretty much all traffic and was difficult to figure out why because everything looked right. I gave up and stayed with PFsense, but figured if I ever really did want to switch I would start from scratch.


I've also had to decide if I want to use pfsense or opnsense, but for me, the pfblockerNG plugin was what tipped the scales in favor of pfsense.


If you're just going to use pfBlockerNG for DNS blocking, that's built in to OPNsense without needing any plugins, via Unbound DNSBLs.


Yeah. You have a live logging tab and can either put the URL into a whitelist rule by clicking on the plus icon or manually input it into a whitelist setting.



