howto adblock opnsense

By | Networking | No Comments

How to adblock opnsense is very easy and can be done by running this simple script directly on the machine.


## Clean up any stale tempfile
echo "Removing old files..."
[ -f /tmp/hosts.working ] && rm -f /tmp/hosts.working

## Awk regex to be inverse-matched as whitelist
# - Project Wonderful does unobtrusive ads on a lot of webcomics
# - SolveMedia is needed for captchas on some websites

# All Blacklists

## Fetch all Blacklist Files
echo "Fetching Blacklists..."
for url in $blacklist; do
curl --silent $url >> "/tmp/hosts.working"

## Process Blacklist, Eliminiating Duplicates, Integrating Whitelist, and Converting to unbound format
echo "Processing Blacklist..."
awk -v whitelist="$whitelist" '$1 ~ /^127\.|^0\./ && $2 !~ whitelist {gsub("\r",""); print tolower($2)}' /tmp/hosts.working | sort | uniq | \
awk '{printf "server:\n", $1; printf "local-data: \"%s A\"\n", $1}' > /var/unbound/ad-blacklist.conf

## Original Proccess CMD
#awk -v whitelist="$whitelist" '$1 ~ /^127\.|^0\./ && $2 !~ whitelist {gsub("\r",""); print tolower($2)}' /tmp/hosts.working | sort | uniq | \
#awk '{printf "local-zone: \"%s\" redirect\n", $1; printf "local-data: \"%s. A\"\n", $1}' > /etc/unbound/ad-blacklist.conf

# Make unbound reload config to activate the new blacklist
#echo "Restarting unbound..."
#exec /etc/init.d/unbound reload

# Clean up tempfile
echo "Cleaning Up..."
rm -f '/tmp/hosts.working'
echo "Done. Please Restart the DNS Resolver service from the WebUI."

Disable ISP DNS EdgeOS Guide Custom Nameservers

By | Networking | No Comments

Start by logging into EdgeOS so we can configure your DNS manually.
ssh ubnt@

Turn on configuration mode

Disable /etc/resolv.conf from using ISP servers – replace eth1 with your WAN interface
set interfaces ethernet eth1 dhcp-options name-server no-update

Replace with your preferred DNS below.
edit service dns forwarding
set name-server
set name-server

Finally use DNSMasq, commit and save changes.
set system name-server

To reset the adapter
renew dhcp interface eth1

Brave is the best browser for security and privacy

By | Networking | No Comments

The team at Brave have done an amazing job with the release of their Chrome-based browser, Brave. The browser can be used on all operating systems, and don’t forget to install on your mobile devices – since the bandwidth saving ad-block features really shine on cellular connections.

Brave blocks harmful advertising

There’s a new ad game in town. It’s called “Malvertising”. The latest display ad technology can install malware on your laptop without your knowledge. But not with Brave watching your back.


Brave redirects sites to HTTPS

We’ve integrated HTTPS Everywhere into every Brave browser to make sure you are always moving your bits across the safest possible pipe.


Brave blocks Tracking Pixels and Tracking Cookies

Do you ever get that feeling that someone is watching you when you see an ad for something you bought a few days ago? We make sure you aren’t being tracked while you shop online and browse your favorite sites.

Ultimate for EDGEMAX Ubiquiti ERL3

By | Networking | No Comments

This adblock script for the Ubiquiti ERL3 router has been updated to include some of the largest adblock lists around.
I have updated the original file recommended by Ubiquiti to contain more lists. See Pi-Hole.

Login to your ERL3 and edit /config/user-data/

If you encounter errors restarting DNSMasq – check [raw]tail -f messages -n1000[/raw]


UNRAID Receive Side Scaling

By | Networking | No Comments

Receive Side Scaling in UNRAID is currently not possible. This may be a determining factor when considering this for your NAS. Samba 3 supports Multi Channel which allows you to use multiple gigabit Ethernet adapters from mixed manufactures to blast out the stream. You will need RSS support on your adapter to support this, which unfortunately UNRAID does not support, and clearly…should. If you can run RSS between Linux and Windows, then why can’t the Lime guys figure it out too?

Home Network Recommended Stack

By | Networking | No Comments

Firewall / Router :

1. OpnSense (IPv6 Support – also uses latest Unbound DNS)

2. Untangle (dismal IPv6 support but gets the job done)

3. ClearOS (lacking good IPv6 support)

Access Points:

1.  Linkys Velop

2.  Orbi – highest throughput

3.  Eero


Cisco SG200-08 8-port Gigabit Smart Switch (SLM2008T-NA) – supports 802.3ad which enables Link Aggregation with LACP (automatically!)


Plex Media Server – Recommended a specific machine for this transcoder!

PiHole Server – Block Ads and use as DNS Server (override DNS from ISP always with this box)

Backup Server/NAS Solution/Off-Site rsync

Unbound with OpnSense aka pFSense

By | Networking | No Comments

Switching from the DNS forwarder to the Unbound resolver has many benefits for your OpnSense system.  The main one is that Unbound can also use DNSSEC for validating requests.

To switch, simply follow the steps.

Step 1.  Have an OpnSense installation up and running

Step 2.  Login to

Step 3.  Select Services > DNS Forwarder and disable it

Step 4.  Select Services > DNS Resolver > General and enable it, also enable DNSSEC (if your DNS servers support it) and “Enable Forwarding Mode” should be turned on.

Step 5.  Save and Reboot for some piece of mind, and enjoy!

Webpass IPv6 Config with OpnSense aka pFSense

By | Networking | No Comments

Here is what you need to do to configure IPv6 with a fresh OpnSense Installation.

Step 1: Download and Install OpnSense – here are the USB instructions
Step 2: Access your new install at the default login is root and password is : opnsense
Step 3: Go through default config wizard, selecting DHCP for your WAN connection
Step 4: Select Interfaces > WAN > and set IPv6 Configuration Type to DHCPv6
Step 5: Check that LAN > IPv6 Configuration Type is now automatically set to Track Interface
Step 6: Restart your OpnSense box – you should now see an IPv6 address for both your WAN and LAN interface on the system dashboard.
Gateways should show WAN_DHCP with your IP and WAN_DHCP6 dynamic

These same basic instructions work for pFsense as well although the menu names may be different. My testing showed pFsense detected the IPv6 address automatically and setup everything without intervention on Webpass.