Three pfBlockerNG block pages + three captive portal splash screens. Preview them live, copy the code with one click, paste into pfSense, done. Every template is mobile-responsive and brand-customisable via CSS variables.
What users see when they try to visit a domain you've blocked. Replaces the default plain-white pfBlockerNG page with something professional.
Dark navy + gold. For offices, banks, regulated businesses. Shows blocked URL, client IP, timestamp and an IT contact.
Lighter tone, emoji-led messaging. For schools, homes, hostels. Less "corporate scolding", more "hey, this isn't available".
Red security-alert aesthetic. For SOCs, MSSPs, serious warnings when a malware domain is caught. Shows threat category + feed source.
Make sure pfBlockerNG is installed and at least one DNSBL group is enabled.
Firewall › pfBlockerNG › DNSBL › DNSBL Settings
Enable the DNSBL Webserver. Choose a port (default 8081 — must not clash with WebGUI).
You'll see a large text area for custom HTML. This overrides the default block page site-wide.
Firewall › pfBlockerNG › DNSBL › DNSBL Settings › DNSBL Custom Content
Click Copy HTML on any template above, paste the entire thing into the Custom Content field.
Find and replace {{COMPANY_NAME}}, {{IT_EMAIL}}, {{LOGO_URL}} with your organisation's details. Optionally tweak brand colours in the :root CSS block.
Do not remove $HOST_NAME$, $CLIENT_IP$, $RULE_NAME$. pfBlockerNG substitutes these live at request time so each user sees the domain they tried to visit.
Click Save, then go to Update → Force Reload (All) to apply. Test by trying to reach a blocked domain.
Firewall › pfBlockerNG › Update › Force › Reload (All)
The splash page guests see on your WiFi before they get internet. All templates include the required pfSense form fields ($PORTAL_ACTION$, zone, redirurl, voucher or accept button).
Elegant brand-ready splash. Accepts a voucher code (room key style) + acceptable-use consent. Full brand logo + welcome message.
One-click accept. No credentials, just an AUP checkbox and a "Connect" button. Warm coffee-shop aesthetic.
For office lobbies and B2B visitors. Name + company + host + AUP — sent to your RADIUS or logged for compliance.
Each zone attaches to one interface (usually your guest VLAN or dedicated WiFi interface).
Services › Captive Portal › Add
Zone name (e.g. "GuestWiFi"), assign the interface, set idle timeout (e.g. 60 min) and hard timeout (e.g. 480 min).
Hotel voucher → select Voucher, generate voucher rolls. Cafe → select "None, don't authenticate" for the simple accept button. Corporate → Local User Manager or RADIUS.
Services › Captive Portal › (zone) › Authentication
Copy one of the templates above and paste into the "Portal page contents" HTML upload.
Services › Captive Portal › (zone) › Upload ▸ Portal page contents
Do not change $PORTAL_ACTION$, $PORTAL_ZONE$, $PORTAL_REDIRURL$, accept/auth_voucher/auth_user/auth_pass input names. pfSense's backend matches these exactly.
Replace {{VENUE_NAME}}, {{LOGO_URL}}, {{WELCOME_TEXT}} and adjust CSS variables in :root to match your brand.
If referencing an external image, either link to an absolute URL or upload the file alongside the HTML in the same upload section and reference it as captiveportal-logo.png.
Click Save. Connect a test device to the guest SSID. You should hit the splash page; after accepting you're let through.
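A pre-paste check for the customisation steps in both procedures above, as an added example that is not part of the original page or its templates: it flags any {{...}} placeholder left unreplaced and any runtime token the page says must stay in place. The function name lint_template, the sample HTML and the rule that one accept/auth_* input is enough are assumptions of this example.

```python
import re

# Tokens the page says must survive editing; pfSense/pfBlockerNG fill them in.
REQUIRED = {
    "blockpage": ["$HOST_NAME$", "$CLIENT_IP$", "$RULE_NAME$"],
    "portal": ["$PORTAL_ACTION$", "$PORTAL_ZONE$", "$PORTAL_REDIRURL$"],
}
# Input names the page says the captive portal backend matches exactly.
PORTAL_INPUTS = {"accept", "auth_voucher", "auth_user", "auth_pass"}
LEFTOVER = re.compile(r"\{\{[A-Z_]+\}\}")
INPUT_NAME = re.compile(r"""<input\b[^>]*\bname\s*=\s*["']?([\w$]+)""", re.I)


def lint_template(html, kind):
    """Return a list of problems found in a customised template (hypothetical helper)."""
    problems = [f"missing runtime token {t}" for t in REQUIRED[kind] if t not in html]
    for placeholder in sorted(set(LEFTOVER.findall(html))):
        problems.append(f"unreplaced placeholder {placeholder}")
    if kind == "portal":
        names = set(INPUT_NAME.findall(html))
        # Assumption: any one listed input is enough, because which one a
        # page needs depends on the zone's authentication method.
        if not names & PORTAL_INPUTS:
            problems.append("no accept/auth_* input found")
    return problems


# Constructed sample inputs, not the site's templates.
BLOCK_OK = "<h1>Acme Ltd</h1><p>$HOST_NAME$ blocked for $CLIENT_IP$ by $RULE_NAME$</p>"
BLOCK_BAD = "<h1>{{COMPANY_NAME}}</h1><p>$HOST_NAME$ blocked for $CLIENT_IP$</p>"
PORTAL_OK = (
    '<form method="post" action="$PORTAL_ACTION$">'
    '<input type="hidden" name="zone" value="$PORTAL_ZONE$">'
    '<input type="hidden" name="redirurl" value="$PORTAL_REDIRURL$">'
    '<input type="submit" name="accept" value="Connect"></form>'
)
# Renaming the button breaks the name the backend matches on.
PORTAL_BAD = PORTAL_OK.replace('name="accept"', 'name="connect"')

if __name__ == "__main__":
    samples = [("block ok", BLOCK_OK, "blockpage"), ("block bad", BLOCK_BAD, "blockpage"),
               ("portal ok", PORTAL_OK, "portal"), ("portal bad", PORTAL_BAD, "portal")]
    for label, html, kind in samples:
        print(label, lint_template(html, kind) or "ok")
```

Run it against the edited HTML before pasting into Custom Content or uploading as Portal page contents; an empty list means every required token is present and no placeholder was missed.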
Company logo, animated backgrounds, SMS OTP, voucher management UI, session reporting and RADIUS integration. Handover includes admin docs and operator training.