Netgate Discussion Forum

    Pfblocker blocks all WAN traffic

    10 Posts 5 Posters 973 Views
      docsquic

      Starting yesterday mid-afternoon, all WAN traffic was suddenly blocked. The internal network functioned fine, but no internet traffic. After checking all hardware and connections I focused on pfSense. Restarted the router several times with no luck. I then decided to use the process of elimination by removing one service at a time. I started with pfBlocker and boom, everything came back up. I thought it might be outdated so I updated the package. When I enabled it the same thing happened... no internet. Turned it off... all is well. I'm running the 2.7.2 CE release and the latest pfBlockerNG devel as of yesterday.

      I don't understand why it suddenly created a problem? It has worked fine for over a year. Very strange. Any ideas would be greatly appreciated.

      Thanks,
      Mark

        Uglybrian

        I think everyone is going to need to know what feeds you are utilizing, along with firewall rules.

          docsquic

          Here are screenshots of my feeds:

          I set up pfSense according to Tom Lawrence's suggestions. Pretty standard. The WAN interface has no rules.

          Mark

            Uglybrian

            You haven’t said, but I’m sure you’ve already checked your active alerts and status block, just to see if DNS or one IP address is being blocked somehow. It’s happened before. You may want to try deactivating one feed at a time. That way will hopefully help narrow down the problem.

              docsquic

              Thanks, I'll give that a try.

                johnpoz LAYER 8 Global Moderator @docsquic

                @docsquic Yeah, I do recall like 8.8.8.8 getting blocked before. If that is what your client is using for DNS - kind of hard for the internet to work ;)

                So it's possible, if you're using external DNS on your client, or DoH for example, that could have been blocked by one of your feeds.

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                  docsquic

                  Makes sense. Thanks

                    jlw52761 @docsquic

                    @docsquic Did you ever find a resolution to this? Having the same issue right now and the only thing that seems to work is turning off pfBlocker, which is suboptimal to say the least.

                      JeGr LAYER 8 Moderator @jlw52761

                      @jlw52761 as @johnpoz wrote above "when your DNS is on the blocklist it's hard for the internet to work".

                      I certainly doubt that pfB just blocked your entire internet but mainly perhaps some IP you used for DNS or something alike. That's to check and if that's the case, just exclude the IP from being blocked either by the suppression list or by including / making an allowlist for false positives.

                      Cheers

                      Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

                      If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

                        docsquic @jlw52761

                        @jlw52761 Yes, I followed the suggestions in the answers and started disabling the feeds one by one and found the culprit. I checked the logs and found which feeds were mentioning the DNS address (there were about 8), then just disabled them one at a time and found the one blocking DNS traffic.
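
The feed check described in this thread, as an added example that is not part of the original posts: it reports which IP lists cover a resolver address, including CIDR ranges that a plain text search for the address would miss. The feed names and list contents are constructed samples, and the directory passed to `load_feeds` is an assumption about where the downloaded deny lists are stored on the firewall.

```python
import ipaddress
from pathlib import Path


def parse_feed(text):
    """Yield networks from a plain IP/CIDR list, skipping comments and junk lines."""
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not entry:
            continue
        try:
            # strict=False accepts entries with host bits set, e.g. 8.8.8.8/24
            yield ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # not an IP or CIDR entry (header text, hostname, ...)


def feeds_covering(address, feeds):
    """Return {feed_name: [entries]} for every feed that lists or contains address."""
    ip = ipaddress.ip_address(address)
    hits = {}
    for name, text in feeds.items():
        matches = [str(net) for net in parse_feed(text)
                   if net.version == ip.version and ip in net]
        if matches:
            hits[name] = matches
    return hits


def load_feeds(directory):
    """Read every *.txt list in a directory (assumed location of the deny lists)."""
    return {p.stem: p.read_text(errors="replace")
            for p in sorted(Path(directory).glob("*.txt"))}


# Constructed sample lists; real feeds would come from load_feeds(<deny list dir>).
SAMPLE_FEEDS = {
    "Feed_A_v4": "# constructed sample\n192.0.2.0/24\n198.51.100.7\n",
    "Feed_B_v4": "8.8.8.0/24\n203.0.113.5\n",          # covers 8.8.8.8 via a range
    "Feed_C_v4": "8.8.8.8\n",                          # lists 8.8.8.8 exactly
    "Feed_D_v4": "8.8.4.4 # inline note\nnot-an-ip\n",
}

if __name__ == "__main__":
    for feed, entries in feeds_covering("8.8.8.8", SAMPLE_FEEDS).items():
        print(f"{feed}: {', '.join(entries)}")
```

Any feed reported here is a candidate for the one-at-a-time disable test, or for an allowlist/suppression entry for the resolver address.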

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.