Some Websites become not availiable - dont know why -

krischeu

Hi,
I am running pfsense 2.4.3-RELEASE-p1 (amd64) with pfBlockerNG.
Logsettings at: Firewall/pfBlockerNG/Alerts/ show me the following:
Jun 13 09:20:26
INTERN pfB_Firehol_L3 (1512156596) TCP-S
192.168.0.166:56671 pcheinz 217.160.0.139:80
217-160-0-139.elastic-ssl.ui-...
DE Firehol_L3
217.160.0.0/24

And at the Browser I get an error like:
Error: not availiable at the moment, please try later.

Example: wetterstein.com --> not working. --> alert entry see above.

Does anybody can give me a hint, why this site is not working?

Best Regards,
Heinz

krischeu

Next example which is not working: https://www.cl-handels-gmbh.de/Netzteile/ITX-Netzteile/LC-Power-LC90ITX-bulk-ITX-Netzteil.html

krischeu

ipV4 List: https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level3.netset

krischeu

All Websites are on 217.160.0.0/24 and in ip-set of githubusercontent.com: The full /24 network is blocked.
What a shit configuration of the list.

RonpfS

Well don't use it

Or go to the Alerts (2.1.2_3) or Reports (2.2.1) Tab, there should be a "+" icon that you can use to suppress the IP range. pfBlockerNG will add the network range into the IPV4 Suppression Alias (2.1.2_3) or List (2.2.1) .

krischeu

Thank you for your answer.
I think to put a complete subnet into a block list should not be done.
But this is only something from my mind.

I will have a try with your suggestion to ignore subnet settings from a list.

Thank you for your help.

Best Regards,
Heinz

krischeu

@ronpfs
Hi,
I only see an "i" at Alert, but there is no "+".
I solved it by creating a Whitelist.

RonpfS

@krischeu Do you have Suppression enabled ?

krischeu

Now it is turned on. I will check logs when alerts comes up.

RonpfS

@krischeu It might not generate alerts for that range if it is in a whitelist.