Pfsense blocking api.particle.io
-
Hi,
I am a developer support engineer with particle.io.
Over the last week, we have received multiple reports of users using pfsense as their firewall that then blocks our API - api.particle.io.
According to https://twitter.com/NetgateUSA/status/1219356751658651650 pfsense does not implement blocking natively.
We have traced another source of blocking (pi-hole.net) to an aggregate list (https://github.com/StevenBlack/hosts) that uses adaway (https://github.com/AdAway/AdAway) as the source. We are in the process of trying to get them to unblock us. Could pfsense be referencing this same list on an extension to block ads? Any ideas?
Kind regards,
Chris
-
PfBlocker:-
-
Hi Andy!
Thank you! That is exactly what I need. I am glad that Adaway is the only source - we were worried that more lists might be involved.
I appreciate you looking this up.
We have no idea why our api was targeted.
-
Short term your users could add api.particle.io to the DNSBL whitelist via
Firewall -> pfBlockerNG -> DNSBL -> DNSBL Whitelist
-
If the folks running the pfblockerng package on their pfsense firewall machines have the "TLD" function enabled in DNSBL, the ".io" in your domain name could also trigger a block on the users' machines. Also there is a TLD block list that could also cause your domain to be blocked.
-
@NogBadTheBad Thank you - we are advising users to do just that.
@jdeloach why would .io trigger a block? Is this TLD considered a nuisance? It seems Adaway is the only source of our block - currently trying to get them to remove it.
-
You can register blahblahblah.io quite cheaply ($90); blahblahblah.tk is even worse, it's free.
https://en.wikipedia.org/wiki/.io
https://en.wikipedia.org/wiki/.tk
Some of the IDS rules go as far as blocking .tk DNS lookups, not that this would cause you issues.
alert udp $HOME_NET any -> $EXTERNAL_NET 53 (msg:"ET DNS Query to a .tk domain - Likely Hostile"; content:"|01|"; offset:2; depth:1; content:"|00 01 00 00 00 00 00|"; distance:1; within:7; content:"|02|tk|00|"; fast_pattern; nocase; distance:0; content:!"|03|www|06|google|02|tk"; metadata: former_category DNS; classtype:bad-unknown; sid:2012811; rev:4; metadata:created_at 2011_05_15, updated_at 2019_09_28;)
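How the content matches in the rule quoted above line up with the DNS wire format, as an added example that is not part of the original post and is not the IDS engine's own matching code. The sample names other than api.particle.io are constructed, and `dns_query`, `rule_matches` and `classify` are hypothetical helper names.

```python
import struct

def dns_query(name, flags=0x0100, txid=0x1234):
    """Build a DNS query in wire format (default flags: standard query, RD set)."""
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def rule_matches(payload):
    """Simplified model of the four content checks in sid 2012811."""
    # content:"|01|"; offset:2; depth:1;
    # -> first flags byte is 0x01: a query with recursion desired
    if payload[2:3] != b"\x01":
        return False
    # content:"|00 01 00 00 00 00 00|"; distance:1; within:7;
    # -> skip the second flags byte, then QDCOUNT=1, ANCOUNT=0, NSCOUNT=0
    #    and the high byte of ARCOUNT
    if payload[4:11] != b"\x00\x01\x00\x00\x00\x00\x00":
        return False
    # content:"|02|tk|00|"; nocase; distance:0;
    # -> a 2-byte label "tk" followed by the root terminator, i.e. "tk" is the
    #    last label of the name, searched after the previous match (offset 11)
    if payload.lower().find(b"\x02tk\x00", 11) == -1:
        return False
    # content:!"|03|www|06|google|02|tk";
    # -> negated match with no nocase in the rule as posted
    if b"\x03www\x06google\x02tk" in payload:
        return False
    return True

# Constructed sample names, plus the domain this thread is about.
SAMPLES = ["example.tk", "Example.TK", "www.google.tk",
           "tk.example.com", "api.particle.io"]

def classify(names=SAMPLES):
    """Map each name to whether a query for it satisfies the modelled rule."""
    return {n: rule_matches(dns_query(n)) for n in names}

if __name__ == "__main__":
    for name, hit in classify().items():
        print(f"{name:20} {'ALERT' if hit else 'no match'}")
```

The `tk.example.com` case shows why the trailing `|00|` matters: there the `tk` label is followed by another length byte, so only names that end in .tk satisfy the rule.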
-
@NogBadTheBad $90 is a lot more expensive than most TLDs, so I don't understand why that would be a reason to block an entire TLD.
Ouch, glad I don't have any .tk domains then!