Limiters and pfBlockerNG DNSBL

mir

Hi all,

After some extensive fiddling with DNSBL I might have discovered a bug.

Pfsense: 2.3.2-RELEASE-p1 (amd64)
pfBlockerNG: 2.1.1_6
Multiple internal networks.

On my interface hosting WIFI traffic I have limiters configured to restrict total bandwidth. Works as expected when DNSBL is not activated but when DNSBL is activated traffic is blocked to the DNSBL Virtual IP causing http traffic to hang. Tested in Safari, Google Chrome, and Firefox on IOS, Android, Windows, Linux, and FreeBSD.

Read more here: https://forum.pfsense.org/index.php?topic=124890.0

doktornotor

Limiters and NAT do not work except for 2.4 snapshots. DNSBL is using NAT.

mir

@doktornotor:

Limiters and NAT do not work except for 2.4 snapshots. DNSBL is using NAT.

That explains it. Thanks.

So my options are:

1. Disable DNSBL until 2.4 is released
2. Disable limiter on WIFI until 2.4 is released
3. Install a second WAN for WIFI and disable DNSBL for WIFI but keep DNSBL for the remaining interfaces and route those interfaces through the first WAN.

Hmf, I will monitor WIFI usage carefully and see if option 2) is a viable solution.

doktornotor

Ask BBcan177 about beta pfBNG access. He's got a version that does 0.0.0.0 blackhole instead of redirect to the 1x1px webserver.

mir

I will do that. Thanks again.