pfSense Integration

Block traffic to and from IPs on the ipinsights.io blocklist using pfBlockerNG-devel auto-refreshing aliases on your pfSense firewall.

Overview

pfSense is the most widely deployed open-source firewall in the homelab and SMB segments. Combined with the pfBlockerNG-devel package it can subscribe to remote IP blocklists, refresh them on a schedule and silently drop matching traffic at the perimeter.

The ipinsights.io blocklist is published as a plain-text, one-IP-per-line file at https://ipinsights.io/downloads/blocklist.txt and is regenerated every four hours — a perfect fit for pfBlockerNG's IPv4 feed format.

Prerequisites

  • pfSense CE 2.6+ or Plus 22.05+ with admin access to the WebGUI
  • pfBlockerNG-devel package installed (System → Package Manager → Available Packages)
  • Outbound HTTPS access from the firewall to https://ipinsights.io
  • An ipinsights.io API key is not required for the public blocklist — only for live lookups. Grab one from your profile page if you plan to use the lookup API as well.

Step 1 — Install pfBlockerNG-devel

  1. Browse to System → Package Manager → Available Packages.
  2. Search for pfBlockerNG-devel and click Install.
  3. Once installed, open Firewall → pfBlockerNG and complete the initial wizard, accepting the recommended defaults for your WAN and LAN interfaces.

Step 2 — Add the IP Insights Feed

Open Firewall → pfBlockerNG → IPv4 and click Add. Configure the alias as follows:

  • Alias Name: ipinsights_block
  • Description: IP Insights — global threat intelligence blocklist
  • List Action: Deny Both
  • Update Frequency: Every 4 hours

Source / Format Tab

  • State: ON
  • Name: ipinsights_full
  • Source: https://ipinsights.io/downloads/blocklist.txt
  • Header / Label: ipinsights_full
  • Format: Auto
  • State: ON

Save the alias, then click Force Update at the top of the IPv4 list to pull the feed for the first time.

Step 3 — Schedule the Refresh

Under Firewall → pfBlockerNG → General set:

  • CRON Settings: Every 1 hour
  • List Action: Continue (so DNSBL still wins where configured)
  • Float Rules: Enabled (so the block rule is evaluated first)

The blocklist is regenerated upstream every four hours; hourly fetches are safe and keep the local list aligned within the hour.

Step 4 — Verify

Confirm the alias is populated:

    # From the pfSense Diagnostics → Command Prompt, or via SSH:
    pfctl -t pfB_ipinsights_block_v4 -T show | head
    pfctl -t pfB_ipinsights_block_v4 -T show | wc -l

You should see thousands of IPv4 entries. Inspect Status → pfBlockerNG → Alerts after a few hours to see real blocks captured against the alias.

Troubleshooting

  • Alias is empty — check Firewall → pfBlockerNG → Update for HTTP errors. The most common cause is the firewall having no DNS resolver configured for outbound HTTPS.
  • Floating rule not blocking — make sure pfBlockerNG's auto-generated rules are enabled (General tab → Keep settings + Float Rules).
  • False positive — add the IP to a custom Permit alias above the deny rule, then report it via your support page.
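
Because the alias is applied as Deny Both, it is worth auditing a downloaded copy of the feed for malformed lines, local ranges and addresses you depend on before they are dropped at the perimeter. The script below is an added example, not part of the ipinsights.io or pfBlockerNG documentation; the function name, the sample feed and the must-not-block list are constructed, and it goes slightly beyond the one-IP-per-line format by also accepting CIDR entries.

```python
import ipaddress

# Ranges that should never appear in a public feed applied as "Deny Both".
LOCAL_RANGES = [ipaddress.IPv4Network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10")]

def audit_feed(text, must_not_block):
    """Audit a one-IP-per-line IPv4 feed before it is trusted as a deny list."""
    protected = [ipaddress.IPv4Network(n, strict=False) for n in must_not_block]
    report = {"valid": 0, "malformed": [], "local": [], "collisions": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # Assumption: blank lines and '#' comment lines can be ignored.
        if not line or line.startswith("#"):
            continue
        try:
            # Accepts a bare address or CIDR; rejects hostnames, IPv6 and garbage.
            net = ipaddress.IPv4Network(line, strict=False)
        except ValueError:
            report["malformed"].append((lineno, line))
            continue
        report["valid"] += 1
        if any(net.overlaps(r) for r in LOCAL_RANGES):
            report["local"].append((lineno, str(net)))
        hits = [str(p) for p in protected if net.overlaps(p)]
        if hits:
            report["collisions"].append((lineno, str(net), hits))
    return report

# Constructed sample feed (documentation addresses, not real blocklist content).
SAMPLE_FEED = """\
198.51.100.7
203.0.113.45
10.0.0.5
not-an-ip
198.51.100.10
"""

# Hypothetical addresses this site depends on (a VPN peer and a partner range).
MUST_NOT_BLOCK = ["198.51.100.10/32", "203.0.113.0/24"]

if __name__ == "__main__":
    for key, value in audit_feed(SAMPLE_FEED, MUST_NOT_BLOCK).items():
        print(key, value)
```

Any entry reported under collisions is a candidate for the custom Permit alias described in the False positive item above.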

API Key: The public blocklist is free and unauthenticated. Per-IP lookups require a key from your profile page; register for free if you don't have one yet.

Request Higher API Limit

Running a high-volume pfSense deployment? If the default rate limit isn't enough for your environment, submit a request below and we'll review it.
