pfBlocker blocks outgoing traffic when it should not
-
Hello everyone,
I'm coming to you because for some time I've been experiencing a problem with unwanted IP blocking with pfBlocker.
The problem occurs every other day in the middle of the night during the update of the feeds. I have configured pfBlocker to only block incoming traffic on my firewall and to integrate a whitelist.
The problem is the following: pfBlocker blocks outgoing traffic from my public IP to the Cloudflare DNS, which I use for name resolution.
This happens despite the whitelist, in which my public IP and Cloudflare are included for safety.
Other information: it has always worked without problems.
To solve the problem, I have to disable the service and clean the folders:
rm -r /var/db/pfblockerng/deny/*
rm -r /var/db/pfblockerng/native/*
rm -r /var/db/pfblockerng/match/*
rm -r /var/db/pfblockerng/permit/*
rm -r /var/db/pfblockerng/original/*
Reactivate it and update it again.
Last info, I do the updates of pfBlocker by a script:
#!/bin/sh
LANG=en_US.UTF-8

copyright=$(
    echo "##############################################"
    echo "# NAME : PFBLOCKERNG"
    echo "# VERSION : 1.2"
    echo "# AUTHOR : focheur91300"
    echo "# LAST UPDATE : 07/01/2021"
    echo "##############################################"
    echo " "
)

clear
echo "$copyright"

# Cleaning pfblockerng
rm -r /var/db/pfblockerng/deny/*
rm -r /var/db/pfblockerng/dnsbl/*
rm -r /var/db/pfblockerng/dnsblorig/*
rm -r /var/db/pfblockerng/dnsbalias/*
rm -r /var/db/pfblockerng/native/*
rm -r /var/db/pfblockerng/match/*
rm -r /var/db/pfblockerng/permit/*
rm -r /var/db/pfblockerng/original/*
rm -r /var/db/pfblockerng/DNSBLIP_v4.txt
rm -r /var/db/pfblockerng/top-1m.csv

# Cleaning the pfblockerng log
rm -r /var/log/pfblockerng/extras.log
rm -r /var/log/pfblockerng/pfblockerng.log
rm -r /var/log/pfblockerng/error.log
rm -r /data/sh/system/pfblockerng_error.log

# Update pfblockerng
/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php dc >> /var/log/pfblockerng/extras.log 2>&1
/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php cron >> /var/log/pfblockerng/pfblockerng.log 2>&1

# Error report pfblockerng update
grep "Download FAIL" /var/log/pfblockerng/error.log >> /data/sh/system/pfblockerng_error.log
Thank you in advance.
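Before wiping the feed folders as the post above does, it helps to know which downloaded deny feed actually contains the address being blocked: if a feed carries a block such as 1.1.1.0/24, a whitelist entry for the resolver alone does not explain whether the feed or the rule order is at fault. The script below is an added diagnostic written for this thread, not code from the original post or from pfBlockerNG. It assumes feed files are plain text with one IPv4 address or IPv4/prefix per line (other lines are ignored) and takes the directory as a parameter so it can be pointed at /var/db/pfblockerng/deny on pfSense or at a constructed test directory. 1.1.1.1 is used as the Cloudflare resolver address to look up; the sample feed contents are constructed.

```shell
#!/bin/sh
# Added example: report which feed files in a pfBlockerNG-style directory
# contain a given IPv4 address, honouring CIDR entries (e.g. 1.1.1.0/24).
# Assumption: one IPv4 address or IPv4/prefix per line; any other line is skipped.

# dotted quad -> unsigned 32-bit integer
ip_to_int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP ENTRY  -> true when IP lies inside ENTRY (a bare IP counts as /32)
in_cidr() {
    ip_int=$(ip_to_int "$1")
    net="${2%/*}"
    case "$2" in
        */*) bits="${2#*/}" ;;
        *)   bits=32 ;;
    esac
    if [ "$bits" -eq 0 ]; then
        mask=0
    else
        mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    fi
    net_int=$(ip_to_int "$net")
    [ $(( ip_int & mask )) -eq $(( net_int & mask )) ]
}

# find_ip_in_feeds IP DIR -> prints "feedfile: entry" for every matching entry
find_ip_in_feeds() {
    ip="$1"
    dir="$2"
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        while IFS= read -r line || [ -n "$line" ]; do
            # skip blank lines and anything that is not digits, dots and a slash
            case "$line" in
                ''|*[!0-9./]*) continue ;;
            esac
            if in_cidr "$ip" "$line"; then
                echo "${f##*/}: $line"
            fi
        done < "$f"
    done
}

# Constructed sample feeds for offline use (not real pfBlockerNG data).
make_sample_feeds() {
    sample_dir=$(mktemp -d)
    printf '203.0.113.0/24\n198.51.100.7\n' > "$sample_dir/feed_a.txt"
    printf '1.1.1.0/24\n# comment line\n192.0.2.0/24\n' > "$sample_dir/feed_b.txt"
    printf '1.0.0.1\n' > "$sample_dir/feed_c.txt"
    echo "$sample_dir"
}

# Usage on pfSense: sh thisscript.sh 1.1.1.1 /var/db/pfblockerng/deny
if [ -n "$1" ]; then
    find_ip_in_feeds "$1" "${2:-/var/db/pfblockerng/deny}"
fi
```

On a live firewall, run it against the deny directory right after a feed update has reproduced the block; if the resolver shows up inside a CIDR entry of one feed, the fix is in that feed's handling (suppression or the rule order), not in clearing the folders.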
-
@focheur91300 It sounds and looks at least somewhat similar to an issue I have had for a few months. Difference being that for me this only occurred once per month, not every other day...
My solution was to stop using floating rules for pfBlocker...
https://forum.netgate.com/topic/176384/pfblocker-suddenly-blocks-all-dns-lookups
-
@gblenn Thanks to you,
I just turned off the floating rules.
I think it will work.