pfBlocker & slow speeds



  • pfBlocker appears to slow down my Internet 'speed' after running fine for a couple of months.
    I set up pfBlock & DNSBL with 5 built-in IP Collections, 8 custom DNSBL, like dshield, and most GeoIP. My config works great for months and the bandwidth is perfect. Then I'll start noticing latency and slow speed tests. If I disable pfBlock/DNSBL the speed returns to normal? Could pfBlock affect speeds after a period of time? Is there any maintenance I should do? Or something to be aware of while running it?



  • @Tleary said in pfBlocker-ng slow speeds:

    and most GeoIP

    That's my first thought.



  • @NollipfSense checking that out now.


  • LAYER 8 Global Moderator

    How exactly does blocking dns dns slow down your "speed" Make ZERO sense..

    Something either resolves or it doesn't - pfblocker as nothing to do with the traffic moving through pfsense..

    Your blocked or your not blocked - how does that slow you down?



  • @johnpoz I have absolutely no idea. It doesn't make any sense to me so that's why I posted. Maybe there was something I'm unaware of. It's just DNS / IP blocking. I'll notice Internet connection's 'speed' doesn't respond as fast as 500mbs should. I only have pfblock on. Regardless, when I disable IP/DNSBL everything is super fast again. I'm running off of a 3100-sg. I had the problem a few times after restoring to defaults.


  • LAYER 8 Global Moderator

    @Tleary said in pfBlocker-ng slow speeds:

    connection's 'speed' doesn't respond as fast as 500mbs should

    You do understand that dns can go offline for a while if pfblocker is restarting unbound... You say 'connection' speed.. So is your dns going on and off?

    This can present itself as dns not working, etc. Then sure shit could look broken.. But once you connect your speed would be fine.. Since again pfblocker has nothing to do with that connection..

    Look in your log - how often is unbound restarting?



  • 5 dnsbl feeds unbound once a day. I'm going through the logs.



  • Is your pfblockerNG Reloading or Restarting Unbound?

    When you experience the slowdown, Restart (or Stop / Start) Unbound from the Status / Services Tab to see if the slowdown persist.



  • @RonpfS @johnpoz I'm looking into this, might take me some time to get accurate tests. When I get a better understanding of how Unbounding is working for my 3100-SG, I'll post back. I'm spending time deciphering the packages logs. Update will be coming. thx!!



  • @johnpoz @RonpfS Alright, so I have the issue occurring, but I can't tell which log I should be checking.
    The Log Files error.log:

    [ pfB_Main_Block_List_IPv4_v4 - uBlockFiltersPlus_v4 ] Download FAIL [ 10/25/19 00:01:54 ]
    [ raw.githubusercontent.com ] Domain listed in DNSBL

    Restoring previously downloaded file contents.... unknown http status code | 0

    [ DNSBL_Malicious2 - StevenBlack_BD ] Download FAIL [ 10/25/19 08:00:15 ]
    [ raw.githubusercontent.com ] Domain listed in DNSBL

    Restoring previously downloaded file
    . unknown http status code | 0

    .----------
    The System Log / General is ok. Mostly says no update needed:
    Oct 25 13:04:06 check_reload_status Syncing firewall
    Oct 25 13:04:10 check_reload_status Syncing firewall
    Oct 25 13:04:10 check_reload_status Syncing firewall
    Oct 25 13:04:11 check_reload_status Reloading filter
    Oct 25 13:04:11 php-fpm 362 [pfBlockerNG] Stopping firewall filter daemon
    Oct 25 13:04:22 check_reload_status Syncing firewall


  • LAYER 8 Global Moderator

    why is your download failing?



  • @Tleary said in pfBlocker-ng slow speeds:

    @johnpoz @RonpfS Alright, so I have the issue occurring, but I can't tell which log I should be checking.
    The Log Files error.log:

    Maybe start with Firewall / pfBlockerNG / Log Browser pfblockerng.log ;-)



  • Yes, lol, well, what I mean is...I went through all the logs and was wondering if there was anything to specifically identify. I had seen pfblockng.log. All it contained was my feeds really. There was one failing for githubcontent.com @johnpoz soI removed that feed. The error.log wasn't useful either. It just had two lines that repeated; the failure and status code 0. I'll keep going through the logs but even though there's so many I haven't seen one to explain this problem.

    The failed log is in another post: https://forum.netgate.com/topic/124227/dnsbl-blocks-itself/3



  • Following up. I just had the issue again. This time I checked out my Resource Monitor. The TCP Connection monitor was very high but I did not have a ridiculous amount of browsers open. I looked at TCP View and the connections were fine; quantity, bytes sent/received, software connected. Proccess Explorer was fine. I have a very good computer. i7 9xxx 32gb ddr4. m.2. My ISP gives me a lot of bandwidth. Anyway, the bandwidth went down to 30MiB. I disabled my NIC. When I reenabled it the speed tests were fine again. So, I have to look more into managing my network adapter I suppose. The driver's updated. I'm not sure why it's getting such a loss of performance. I'll have to look at a way to clear it just like disabling it does. I'll continue to review the DNSBL logs and post anything notable. The issue is fixed by disabling pfBlocker but I'm not clear on the connection.

    Post Note: The Resource Monitor showing 90% TCP connections are on tons of computers, including a work computer. I don't know if the conclusion was correct. I'm going to run ipconfig /flushdns next time or I'm going to sleep all my tabs next time.



  • Post Comment: It still occurs sometimes. If I use a VPN client to bypass the pfsense the Internet 'speeds' are fine and fast. Instantly after connecting everything loads ultra fast.


Log in to reply