Add ThreatListPro's curated VPN brute force blocklist to your pfSense firewall using pfBlockerNG. Automatically block attackers before they reach your VPN portal.
pfSense is popular with SMBs and homelabs alike. If your OpenVPN or WireGuard port is exposed to the internet, bots are already probing it.
Automated scanners continuously sweep the internet for open VPN ports. Once found, they launch credential-stuffing attacks using leaked password databases. pfSense logs fill with failed authentication attempts, consuming CPU cycles and disk space. Without proactive blocking, it is only a matter of time before a weak or reused credential is guessed.
pfBlockerNG is pfSense's most popular package for IP and DNS blocking. ThreatListPro feeds directly into pfBlockerNG as a custom IP list, blocking known VPN attackers at the firewall level. No failed logins, no log noise, no wasted resources. The list updates every 60 seconds and pfBlockerNG pulls it on your configured schedule.
Add ThreatListPro as a custom IPv4 blocklist in pfBlockerNG. Works with pfSense CE and pfSense Plus.
In pfSense, go to System > Package Manager > Available Packages. Search for pfBlockerNG and click Install. We recommend pfBlockerNG-devel for the latest features.
Sign up at threatlistpro.com and copy your unique feed URL from the dashboard: https://feed.threatlistpro.com/v1/edl/YOUR_API_KEY
Navigate to Firewall > pfBlockerNG > IPv4. Click Add to create a new IPv4 group. Set the alias name to ThreatListPro, paste the feed URL as the source, set format to Auto, and action to Deny Inbound. Set the update frequency to Every 1 hour.
Go to pfBlockerNG > General and ensure the package is enabled. Then navigate to pfBlockerNG > Update and click Run with Force Update selected to load the blocklist immediately.
Check Firewall > pfBlockerNG > Alerts to see blocked IPs in real time. You can also verify the alias is populated under Diagnostics > Tables by looking for the pfB_ThreatListPro table.
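Before a third-party list is set to Deny Inbound, it helps to check what the feed would actually block. The script below is an added example, not ThreatListPro or pfBlockerNG code: the feed format (one IPv4 address or CIDR per line, `#` comments), the /16 threshold, the `vet_feed` helper and the protected address `192.0.2.10` are assumptions, and the sample feed is constructed from documentation ranges.

```python
import ipaddress

# Assumption: one IPv4 address or CIDR per line, '#' starts a comment.
# The page only describes the feed as a "standard plaintext IP list".
MIN_PREFIX = 16  # hypothetical policy: refuse entries broader than a /16
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]

# Constructed sample (documentation ranges), not real ThreatListPro data.
SAMPLE_FEED = """\
# constructed sample feed
203.0.113.45
198.51.100.0/24
10.0.0.5
0.0.0.0/0
192.0.2.0/24
not-an-ip
2001:db8::1
"""

def vet_feed(text, protected=()):
    """Return (accepted networks, [(line_no, entry, reason)] for rejects)."""
    keep = [ipaddress.ip_network(p, strict=False) for p in protected]
    accepted, rejected = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue  # blank line or comment
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((line_no, entry, "not an IP or CIDR"))
            continue
        if net.version != 4:
            reason = "not IPv4"  # this alias is an IPv4 group
        elif net.prefixlen < MIN_PREFIX:
            reason = "prefix too broad"
        elif any(net.overlaps(n) for n in NON_ROUTABLE):
            reason = "non-routable range"
        elif any(net.overlaps(k) for k in keep):
            reason = "overlaps protected address"  # would lock you out
        else:
            accepted.append(net)
            continue
        rejected.append((line_no, entry, reason))
    return accepted, rejected

if __name__ == "__main__":
    ok, bad = vet_feed(SAMPLE_FEED, protected=["192.0.2.10"])
    print(len(ok), "accepted;", bad)
```

Pass your own management and remote-office addresses as `protected` so that a feed entry covering them is flagged before the alias goes live.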
See how a VPN-focused blocklist compares to other approaches for protecting your pfSense firewall.
| Feature | ThreatListPro | Manual Blocking | Enterprise Threat Feeds |
|---|---|---|---|
| VPN brute-force focused | ✓ | ✗ | ✗ |
| Real-time updates (60s) | ✓ | ✗ | ✓ |
| pfBlockerNG compatible | ✓ | ✗ | ✓ |
| Automatic stale IP removal | ✓ | ✗ | ✓ |
| Setup in under 5 minutes | ✓ | ✗ | ✗ |
| Price | $9.99/mo | Staff time | $500+/mo |
In the pfSense web interface, go to System > Package Manager > Available Packages and search for pfBlockerNG. Click Install. After installation, navigate to Firewall > pfBlockerNG to begin configuration. pfBlockerNG-devel is recommended for the latest features and IPv6 support.
In pfBlockerNG, go to the IPv4 tab and click Add. Create a new alias group, paste your ThreatListPro feed URL as the source, set the format to Auto, action to Deny Inbound, and update frequency to Every 1 hour. Then run a Force Update to load the list immediately.
Yes. ThreatListPro provides a standard plaintext IP list that works with pfBlockerNG on both pfSense Community Edition and pfSense Plus. The setup steps are identical for both versions.
Pair pfBlockerNG with ThreatListPro for automated VPN brute force protection.
ThreatListPro provides a standard IP blocklist feed compatible with any firewall that supports external lists.