Netgate Discussion Forum
Pfsense blocking api.particle.io

Category: pfBlockerNG
  • N
    no1089
    last edited by Jan 20, 2020, 8:50 PM

    Hi,

    I am a developer support engineer with particle.io.
    Over the last week, we have received multiple reports of users using pfsense as their firewall that then blocks our API - api.particle.io.
    According to https://twitter.com/NetgateUSA/status/1219356751658651650 pfsense does not implement blocking natively.
    We have traced another source of blocking (pi-hole.net) to an aggregate list (https://github.com/StevenBlack/hosts) that uses adaway (https://github.com/AdAway/AdAway) as the source. We are in the process of trying to get them to unblock us.

    Could pfsense be referencing this same list on an extension to block ads? Any ideas?

    Kind regards,
    Chris

    • N
      NogBadTheBad
      last edited by NogBadTheBad Jan 20, 2020, 9:20 PM Jan 20, 2020, 8:53 PM

      PfBlocker:-

      Screenshot 2020-01-20 at 20.52.40.png

      Screenshot 2020-01-20 at 20.54.53.png

      Screenshot 2020-01-20 at 21.19.39.png

      Andy

      1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

      • N
        no1089
        last edited by Jan 20, 2020, 9:00 PM

        Hi Andy!

        Thank you! That is exactly what I need. I am glad that Adaway is the only source - we were worried that more lists might be involved.

        I appreciate you looking this up.

        We have no idea why our api was targeted 🤔

        • N
          NogBadTheBad
          last edited by Jan 20, 2020, 9:13 PM

          Short term your users could add api.particle.io to the DNSBL whitelist via

          Firewall -> pfBlockerNG -> DNSBL -> DNSBL Whitelist

          Andy

          1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

          • J
            jdeloach @no1089
            last edited by jdeloach Jan 20, 2020, 9:18 PM Jan 20, 2020, 9:14 PM

            @no1089

            If the folks running pfblockerng package on their pfsense firewall machines have the "TLD" function enabled in DNSBL, the ".io" in your domain name could also trigger a block on the users' machines. Also there is a TLD block list that could also cause your domain to be blocked.

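An added example, not part of any post in this thread and not pfBlockerNG code: a simplified model for working out why a name such as api.particle.io is blocked, checking hosts-format feeds, a blocked-TLD list and a whitelist. The feed contents, the function names and the rule that an exact whitelist entry overrides everything are assumptions made for illustration.

```python
# Simplified model of DNSBL-style matching; NOT pfBlockerNG's real logic.
# Constructed sample feeds in hosts-file format (not copied from real lists).
SAMPLE_FEEDS = {
    "adaway-sample": """\
# comment line
127.0.0.1 localhost
127.0.0.1  api.particle.io   # inline comment
0.0.0.0 ads.example.net
""",
    "other-sample": """\
0.0.0.0 tracker.example.org
""",
}

SINKHOLES = {"0.0.0.0", "127.0.0.1", "::", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Return the set of blocked hostnames in a hosts-format feed."""
    blocked = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) < 2 or fields[0] not in SINKHOLES:
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name not in LOCAL_NAMES:
                blocked.add(name)
    return blocked


def explain_block(domain, feeds, blocked_tlds=(), whitelist=()):
    """List every reason `domain` would be blocked; empty list means allowed."""
    domain = domain.lower().rstrip(".")
    if domain in {w.lower().rstrip(".") for w in whitelist}:
        return []  # assumption: an exact whitelist entry overrides everything
    reasons = [f"feed:{name}" for name, text in sorted(feeds.items())
               if domain in parse_hosts(text)]
    tld = domain.rsplit(".", 1)[-1]
    if tld in {t.lower().lstrip(".") for t in blocked_tlds}:
        reasons.append(f"tld:.{tld}")
    return reasons
```

Listing every reason rather than stopping at the first shows when removing a name from one feed would still leave it blocked by a TLD rule.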
            • N
              no1089
              last edited by Jan 20, 2020, 9:22 PM

              @NogBadTheBad Thank you - we are advising users to do just that.
              @jdeloach why would .io trigger a block? Is this TLD considered a nuisance?

              It seems Adaway is the only source of our block - currently trying to get them to remove it.

              • N
                NogBadTheBad @no1089
                last edited by NogBadTheBad Jan 20, 2020, 9:32 PM Jan 20, 2020, 9:29 PM

                @no1089

                You can register blahblahblah.io quite cheaply, $90; blahblahblah.tk is even worse, it's free.

                https://en.wikipedia.org/wiki/.io

                https://en.wikipedia.org/wiki/.tk

                Some of the IDS rules go as far as blocking .tk DNS lookups, not that this would cause you issues.

                alert udp $HOME_NET any -> $EXTERNAL_NET 53 (msg:"ET DNS Query to a .tk domain - Likely Hostile"; content:"|01|"; offset:2; depth:1; content:"|00 01 00 00 00 00 00|"; distance:1; within:7; content:"|02|tk|00|"; fast_pattern; nocase; distance:0; content:!"|03|www|06|google|02|tk"; metadata: former_category DNS; classtype:bad-unknown; sid:2012811; rev:4; metadata:created_at 2011_05_15, updated_at 2019_09_28;)

                Andy

                1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

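An added example, not part of the post above and not Suricata code: a hand translation of the content checks in the quoted rule (sid 2012811), run against constructed DNS query payloads to show which bytes of the DNS header and question each keyword pins. The helper names `build_query` and `matches_sid_2012811` are hypothetical.

```python
import struct


def build_query(name, txid=0x1234):
    """Build a DNS A-record query (RD set) as it appears in a UDP payload."""
    # Header: ID, flags=0x0100 (standard query, recursion desired),
    # QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    # QNAME: each label is prefixed with its length, terminated by a zero byte
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def matches_sid_2012811(payload):
    """Apply the rule's four content checks to one UDP payload."""
    # content:"|01|"; offset:2; depth:1 -> first flags byte is 0x01
    # (QR=0 query, opcode 0, RD=1)
    if payload[2:3] != b"\x01":
        return False
    # distance:1 skips the second flags byte; within:7 pins bytes 4..10:
    # QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, high byte of ARCOUNT=0
    if payload[4:11] != b"\x00\x01\x00\x00\x00\x00\x00":
        return False
    # content:"|02|tk|00|"; nocase; distance:0 -> a 2-byte label "tk"
    # followed by the root label, anywhere after byte 10
    if b"\x02tk\x00" not in payload[11:].lower():
        return False
    # content:!"|03|www|06|google|02|tk" -> negated match, whole payload
    return b"\x03www\x06google\x02tk" not in payload
```

The length-prefixed label encoding is why the rule matches on `|02|tk|00|` rather than the text ".tk": the dot never appears on the wire.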
                • N
                  no1089
                  last edited by Jan 21, 2020, 8:45 AM

                  @NogBadTheBad $90 is a lot more expensive than most TLDs, so I don't understand why that would be a reason to block an entire TLD.

                  Ouch, glad I don't have any .tk domains then!
