Now that I have everything in place, I have pfSense block DNS requests sent to resolvers outside my network.
This means that the firewall drops any DNS request sent to a host other than 127.0.0.1 (the pfSense box).
The main reasoning behind this is to prevent various types of malware or DNS hijacking attempts. Additionally, it allows me to make sure that all of my DNS requests are in one place for monitoring/logging.
To start, I set up a firewall rule to block ALL LAN traffic on port 53 (DNS).
Once that was in place, I set up a second firewall rule to allow port 53 traffic destined for the pfSense box.
With those two rules in place, the firewall only allows port 53 traffic directed to the pfSense box.
Here are the final firewall rules in place. Note that the order matters: the ALLOW rule must come before the DENY rule. Rules are evaluated in order and the first match wins, so if the DENY came first, even DNS traffic to the pfSense box would be blocked.
To test this out, I set my DNS server to Google (184.108.40.206) and attempted an nslookup on google.com. As you can see, the request failed. To prove that it wasn't a connection issue, I also pinged 220.127.116.11, which was successful.
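To make the ordering point concrete, here is a small model of how pfSense evaluates LAN rules (first match wins, because pfSense adds `quick` to every interface rule). It is an added example, not pfSense code or anything from the original post: it does not talk to pf at all, and the LAN subnet, the firewall's LAN address and the external resolver address are constructed values. It runs the two rules from the write-up in both orders against a few packets, including the ping that was used to prove connectivity, and includes an audit that flags the reversed order.

```python
"""Model of pfSense-style first-match LAN rules that force DNS through the
firewall's own resolver. Added example only: this is not pfSense code and it
does not touch pf. All addresses below are constructed for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

PFSENSE_LAN_IP = ip_address("192.168.1.1")   # constructed: the pfSense LAN address
LAN_NET = ip_network("192.168.1.0/24")       # constructed: the LAN subnet
OUTSIDE_RESOLVER = "203.0.113.53"            # constructed: a resolver outside the LAN


@dataclass(frozen=True)
class Rule:
    action: str                     # "pass" or "block"
    protos: frozenset               # e.g. {"tcp", "udp"}
    dst_port: Optional[int] = None  # None means any port
    dst: Optional[object] = None    # an address, a network, or None for "any"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dst_port: Optional[int] = None  # None for protocols without ports (ICMP)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    if pkt.proto not in rule.protos:
        return False
    if rule.dst_port is not None and pkt.dst_port != rule.dst_port:
        return False
    if rule.dst is None:
        return True
    dst = ip_address(pkt.dst)
    if hasattr(rule.dst, "network_address"):   # rule.dst is a network
        return dst in rule.dst
    return dst == rule.dst


def evaluate(rules, pkt: Packet) -> str:
    """First matching rule decides; pf's implicit default is to block."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return "block"


# The two rules from the write-up, plus the stock "allow LAN to any" rule
# that pfSense ships at the bottom of the LAN rule set.
ALLOW_DNS_TO_PFSENSE = Rule("pass", frozenset({"tcp", "udp"}), 53, PFSENSE_LAN_IP)
BLOCK_ALL_DNS = Rule("block", frozenset({"tcp", "udp"}), 53, None)
DEFAULT_LAN_ALLOW = Rule("pass", frozenset({"tcp", "udp", "icmp"}), None, None)

CORRECT_ORDER = [ALLOW_DNS_TO_PFSENSE, BLOCK_ALL_DNS, DEFAULT_LAN_ALLOW]
WRONG_ORDER = [BLOCK_ALL_DNS, ALLOW_DNS_TO_PFSENSE, DEFAULT_LAN_ALLOW]


def audit_dns_rules(rules) -> list:
    """Return a list of problems; an empty list means the DNS policy is sound."""
    problems = []
    blocks = [i for i, r in enumerate(rules)
              if r.action == "block" and r.dst_port == 53 and r.dst is None]
    allows = [i for i, r in enumerate(rules)
              if r.action == "pass" and r.dst_port == 53 and r.dst == PFSENSE_LAN_IP]
    if not blocks:
        problems.append("no catch-all block for port 53")
    if not allows:
        problems.append("no allow for port 53 to the pfSense LAN IP")
    if blocks and allows and allows[0] > blocks[0]:
        problems.append("allow to pfSense sits below the catch-all block and never matches")
    for i in blocks + allows:
        if not {"tcp", "udp"} <= rules[i].protos:
            problems.append(f"rule {i} does not cover both TCP and UDP")
    return problems


if __name__ == "__main__":
    client = "192.168.1.50"  # constructed LAN client
    samples = [
        Packet(client, str(PFSENSE_LAN_IP), "udp", 53),   # nslookup via pfSense
        Packet(client, OUTSIDE_RESOLVER, "udp", 53),      # nslookup to outside resolver
        Packet(client, OUTSIDE_RESOLVER, "tcp", 53),      # same over TCP
        Packet(client, OUTSIDE_RESOLVER, "icmp"),         # ping, to show it is not connectivity
    ]
    for name, rules in (("correct order", CORRECT_ORDER), ("wrong order", WRONG_ORDER)):
        print(f"== {name}: {audit_dns_rules(rules) or 'ok'}")
        for p in samples:
            print(f"  {p.proto:4} {p.dst}:{p.dst_port} -> {evaluate(rules, p)}")
```

The audit also insists that both rules cover TCP as well as UDP, since resolvers fall back to TCP for large answers and a UDP-only block leaves that path open. Port 53 rules of course say nothing about DNS over HTTPS or DNS over TLS, which travel on 443 and 853; those need separate handling if the goal is to see every query in the pfSense logs.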
All in all, a pretty simple solution, but something that I'm glad I set up.
After running this for a while, I've even managed to block a few more requests! I don't expect to see much here given my home network, but it is nice to see it doing something.