Netgate Discussion Forum

    Floating rules not working

    • empbilly

      Hello,

      After installing pfBlockerNG and enabling it, we noticed that some queries to our DNS server were being blocked. I tried to change the order to |pfSense Pass/Match|pfB_Pass/Match|pfB_Block/Reject|, but it is still blocking.

      I unchecked the floating rule option and the queries worked again.

      pfsense Version: 2.2.5-RELEASE (amd64)
      pfBlockerNG Version: 2.0.6

      Is this a known bug?

      https://eliasmoraispereira.wordpress.com/

      • RonpfS

        You didn't provide much information.

        What does the Alerts tab show as being blocked?

        What lists do the blocks come from?

        Do you have suppression enabled? Enabling suppression will remove IPs such as 127.0.0.1, 0.0.0.0, etc.

        2.4.5-RELEASE-p1 (amd64)
        Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
        Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

        • empbilly

          @RonpfS:

          You didn't provide much information.

          What does the Alerts tab show as being blocked?

          What lists do the blocks come from?

          Do you have suppression enabled? Enabling suppression will remove IPs such as 127.0.0.1, 0.0.0.0, etc.

          I noticed these blocks because registro.br (http://www.nic.br/pagina/nicbr-atividades-registro-br/159) runs periodic tests verifying that the DNS published by them is still operational. It was from that point that I began testing why our DNS was not resolving some "queries". Apart from this issue, pfBlockerNG is helping me a lot.

          I have enabled the suppression because we use public IPs.

          Eg:
          With the rules of pfblockerng being set in floating rules.

          # nslookup
          server <ip_of_my_dns_server>
          set q=AAAA
          www.poa.ifrs.edu.br

          It always shows the connection timeout message.

          The same example as above, but with the pfBlockerNG rules configured in each VLAN and |pfSense Pass/Match|pfB_Pass/Match|pfB_Block/Reject| checked, always shows the correct information with the nslookup command.

          I believe that is good information, and there may also be a bug in this release regarding the floating rules.

          https://eliasmoraispereira.wordpress.com/

          • BBcan177 Moderator

            This is not a bug with the package…

            If you use the GeoIP rules and depending on what Countries you add, you can block access to the Root DNS Servers. So it's up to how you configure the rules and the blocklists... Anything being blocked will show in the Alerts Tab.

            Here is an IP list of the Root DNS Servers, which should not be blocked...
            https://www.internic.net/domain/named.root

            btw - I am not actively maintaining pfBlockerNG in pfSense 2.2.x... Best to move to pfSense 2.3.x asap...

            "Experience is something you don't get until just after you need it."

            Website: http://pfBlockerNG.com
            Twitter: @BBcan177  #pfBlockerNG
            Reddit: https://www.reddit.com/r/pfBlockerNG/new/

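One way to run the check described in the last post, as an added example that is not part of the original thread or of pfBlockerNG: parse a root hints file in the named.root format and report every root server address that falls inside a blocklist entry. The hints excerpt, its addresses (documentation ranges) and the list names are constructed for illustration; the function names are hypothetical.

```python
import ipaddress

# Constructed excerpt in the named.root format (';' starts a comment). The
# addresses are documentation-range placeholders, not real root addresses.
SAMPLE_HINTS = """\
; constructed excerpt
.                        3600000      NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     192.0.2.4
A.ROOT-SERVERS.NET.      3600000      AAAA  2001:db8:ba3e::2:30
B.ROOT-SERVERS.NET.      3600000      A     198.51.100.201
"""
# Constructed blocklists: hypothetical list name -> one IP or CIDR per line.
SAMPLE_LISTS = {
    "geoip_example_v4": "# constructed\n198.51.100.0/24\n203.0.113.0/24\n",
    "geoip_example_v6": "2001:db8:ba3e::/48\n",
}

def parse_hints(text):
    """Return (hostname, address) for every A/AAAA record in a hints file."""
    records = []
    for line in text.splitlines():
        f = line.split(";", 1)[0].split()
        if len(f) >= 4 and f[-2].upper() in ("A", "AAAA"):
            records.append((f[0].rstrip(".").lower(), ipaddress.ip_address(f[-1])))
    return records

def parse_blocklist(text):
    """Return the networks in a list, one IP or CIDR per line."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue  # blank line, comment or non-address text
    return nets

def blocked_roots(hints_text, lists):
    """Return sorted (hostname, address, list name, matching entry) hits."""
    roots = parse_hints(hints_text)
    hits = []
    for name, text in lists.items():
        for net in parse_blocklist(text):
            for host, ip in roots:
                if ip.version == net.version and ip in net:
                    hits.append((host, str(ip), name, str(net)))
    return sorted(hits)

if __name__ == "__main__":
    print(*blocked_roots(SAMPLE_HINTS, SAMPLE_LISTS), sep="\n")
```

Feed it the real named.root file and the lists the firewall actually loads; any hit names the list and entry to exclude or whitelist.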
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.