pfBlockerNG blocking access to android bank app



  • Good day everybody,

    For a few days now I have been testing pfBlockerNG 2.2.5_27. So far everything is working like a charm. There are a lot of tutorials which helped me in the right direction.

    There is still a problem which I cannot figure out. Since using pfBlockerNG my bank app called “Rabo App” on my Samsung Galaxy S9 Android phone isn’t fully loading anymore. After authenticating with my fingerprint it stops logging in to the actual application. The loading wheel keeps spinning. I tried playing around with some whitelisting etc. but it just won’t work. Accessing the website of Rabobank is working ok on the other hand. Also, turning off the Wi-Fi and starting the app on the 4G network works just fine. So it must be pfSense related, I’m guessing.

    Maybe you guys can help me troubleshoot this issue and solve it. Checking the logs doesn’t make any sense to me. As a beginner I just don’t know what to look for. Google isn’t a great help either. So any help is much appreciated.

    Look forward to some replies. If more info is needed then please ask me.

    Kind regards,
    Herman F.



  • Go to the Reports/Alerts Tab, access the site, refresh the tab and it will tell you what is blocked.

    You can also hit F12 in a browser to inspect the Network activity.



  • Hello @RonpfS ,

    Thank you for the fast reply. I’ve been there. There is nothing to see in the Reports/Alerts Tab that makes any sense to me regarding the app. The F12 option is only for Windows platforms. The website of the bank is working properly. The problem is the Android app. Looked all day for a proper solution, but still no luck. Drives me crazy!



  • Hi,

    The app is hitting an IP or using a domain that is listed in DNSBL.

    Go to

    9374cc7d-212c-4ce9-86f0-70e5a189127a-image.png

    and check :

    56843fea-4d4d-42e8-851b-8ab4f5e36b08-image.png

    As you can see, my iPhone (IP 192.168.2.5) tried to load some stuff from domains that are blocked.
    That is, an app I was using tried to load some ads or comparable.

    Shut down the app on your phone.
    Open this log.
    Open the app on your phone.
    Refresh the log.
    The latest new entries are probably your phone - check with host name and/or the local LAN IP.

    The domains listed could be the ones listed that the app tries to open - and it was blocked.
    Whitelist them by clicking on the black + sign.
    Make it a wildcard whitelist.
    Add a note for yourself.

    Retest.

    Btw : a bank app is using and loading publicity from known publicity servers ?? Strange.
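
The before/after log comparison described in the post above, as an added example that is not part of the original thread and is not pfBlockerNG code. The log lines are constructed and their comma-separated layout (timestamp, blocked domain, client IP, feed) is an assumption; only the client IP 192.168.2.5 comes from the post.

```python
from collections import Counter
from datetime import datetime

# Constructed sample data. ASSUMED line layout (not taken from pfBlockerNG):
#   timestamp,blocked_domain,client_ip,feed
BEFORE = (
    "2019-03-01 10:00:01,ads.example.net,192.168.2.7,ExampleFeed\n"
    "2019-03-01 10:00:05,track.example.org,192.168.2.5,ExampleFeed\n"
)
AFTER = BEFORE + (
    "2019-03-01 10:02:10,metrics.example.com,192.168.2.5,ExampleFeed\n"
    "2019-03-01 10:02:11,metrics.example.com,192.168.2.5,ExampleFeed\n"
    "2019-03-01 10:02:12,ads.example.net,192.168.2.7,ExampleFeed\n"
    "2019-03-01 10:02:13,cdn.metrics.example.com,192.168.2.5,ExampleFeed\n"
    "truncated line without enough fields\n"
)

def parse(text):
    """Yield (timestamp, domain, client_ip) per well-formed line; skip the rest."""
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) < 3:
            continue
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue
        yield ts, parts[1].lower().rstrip("."), parts[2]

def new_blocks(before, after, client_ip):
    """Count domains blocked for client_ip after the newest entry in `before`."""
    cutoff = max((ts for ts, _, _ in parse(before)), default=datetime.min)
    return dict(Counter(d for ts, d, ip in parse(after)
                        if ts > cutoff and ip == client_ip))

def collapse(domains):
    """Reduce to the parent names a wildcard whitelist entry would already cover."""
    kept = []
    for d in sorted(set(domains), key=lambda name: (name.count("."), name)):
        if not any(d == k or d.endswith("." + k) for k in kept):
            kept.append(d)
    return kept

if __name__ == "__main__":
    hits = new_blocks(BEFORE, AFTER, "192.168.2.5")
    for name in collapse(hits):
        print(name, "- wildcard whitelist candidate")
```

An empty result for the phone's IP means no DNSBL entry was logged for it during the test window.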



  • Hi @Gertjan,

    Thanks for the help. Did exactly what you described. But nothing does the trick.

    In my DNS cache I found the following CNAMEs. Tried to exclude them in the DNSBL list. Unfortunately no result.

    bankieren.rabobank.nl.edgekey.net.
    log.rabobank.nl.edgekey.net.
    www.rabobank.nl.edgekey.net.

    Any ideas?



    When you use the Report tab to Whitelist domains, pfBlockerNG will gather the CNAMEs and whitelist them.

    Maybe it is the IPs that get blocked and not the Domain name.



  • @RonpfS I am starting also to believe that it is IP related. But still I do not see anything that is blocked regarding the banking app.

