pfSense Block DNS Requests – No More Malware

Now that I have everything in place, I have my pfSense block DNS requests made externally to my network.

This means that the firewall drops any DNS request sent to a host other than 127.0.0.1 (the pfSense box).

The main reasoning behind this is to prevent various types of malware or DNS hijacking attempts. Additionally, it allows me to make sure that all of my DNS requests are in one place for monitoring/logging.

To start, I setup a firewall rule to block ALL LAN traffic on port 53 (DNS).

pfSense Block DNS - Block All

Once that was in place, I setup a firewall to then allow any requests on port 53 to the pfSense box.

pfSense Block DNS - Allow DNS Local

With those two rules in place, the firewall only allows port 53 traffic directed to the pfSense box.

Here are the final firewall rules in place. Note that the order matters, and the ALLOW needs to go before the DENY. The reason for this is that they occur in order; if the DENY was first then even DNS traffic to the pfSense box would get blocked.

pfSense Block DNS - Firewall Rules

To test this out, I setup my DNS server as Google (8.8.8.8) and attempted an nslookup on google.com As you can see, the request failed. To prove that it wasn’t a connection issue, I also pinged 8.8.8.8, which was successful.

pfSense Block DNS - DNS Blocked

All in all, a pretty simple solution, but something that I’m glad I setup.

After running this for a while, I’ve even managed to block a few more requests! I don’t expect to see much in here based on my home network, but it is nice to see it doing something.

pfSense Block DNS - Stats

1 thought on “pfSense Block DNS Requests – No More Malware”

  1. Pingback: PingBack | MottoIN

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.