Recently, I tried to use Cloudflare with pfSense. I used the IP addresses 22.214.171.124 and 126.96.36.199. Those IP addresses are meant to use DNS to block malware and adult content sites. I ran into an issue getting the content blocking to work and wanted to share.
First, in pfSense, I went to System > General Setup > DNS Server Settings.
Set the DNS servers and add as many as desired. I thought my problem was that I needed to check "Disable DNS Forwarder", right below the DNS servers on that settings page.
However, I was still able to get to the wrong sites, so I was not forcing the use of Cloudflare's DNS servers.
Second, within pfSense, I went to Services > DNS Forwarder.
From there, I unchecked the box to enable the DNS forwarder. This fixed my issue. It forced my devices to use the Cloudflare DNS servers, and the malware / adult content filtering worked.
It’s a simple solution for using Cloudflare with pfSense, and I figured I would share in case others ran into this in their home labs.
At the time of this writing, Cloudflare DNS servers are free for anyone to use, and my pfSense version is 2.4.5 (community edition).
If you want more information on those IPs from Cloudflare, you can find info here