Site being blocked by pfB_Top_v4 rule; whitelists not working.
-
nslookupforhandbrake.frcomes back with a valid IP.pingof the IP addr doesn't respond.I've added
.handbrake.frtoDNSBL -> Custom Domain Whitelistand46.0.0.0-46.255.255.255toIPv4 -> Whitelist -> Custom Address(es).I'm also seeing nothing in pfblockerng.log.
Please let me know what else I can try to troubleshoot this issue.
-
Site being blocked by pfB_Top_v4 rule;
Did you have a look at the "pfB_Top_v4" file ?
I could find :... pfB_Top_v4 46.0.0.0/16 pfB_Top_v4 46.102.107.0/24 pfB_Top_v4 46.102.251.0/25 ...None of these networks can make " 46.105.55.28" fit.
Is the IP (network) listed in another feed ?
If not, it will be hard to whitelist something that isn't listed in the first place : the blocking reason is else where.Btw :
[2.4.5-RELEASE][admin@pfsense.brit-hotel-fumel.net]/root: ping 46.105.55.28
PING 46.105.55.28 (46.105.55.28): 56 data bytes
64 bytes from 46.105.55.28: icmp_seq=0 ttl=50 time=23.091 ms
64 bytes from 46.105.55.28: icmp_seq=1 ttl=50 time=23.262 ms
64 bytes from 46.105.55.28: icmp_seq=2 ttl=50 time=22.838 msI guess 46.105.55.28 blocked your IP, at least for ping requests ...
-
How do I go about viewing the entire file? Sorry if this is a Kindergarten-level question. I'm new to all this.
Might there be some other reason pfSense is reporting that as the reason the site is being blocked?
Also, if I don't go through the firewall, I'm able to get to the site.
But even after disabling THE
pfB_Top_v4rule, I'm still unable to get to that site. -
As said, nothing is blocked on your side.
It 'their' side - or the way from you to there.Try another connection like your phone data - and you will be able to connect.
True ?edit :
@November said in Site being blocked by pfB_Top_v4 rule; whitelists not working.:
Also, if I don't go through the firewall, I'm able to get to the site.
Then the easy one is : remove pfNlockerNG, - do a reboot to be sure, and you'll be fine.
pfSense does not block.Btw : if you
ping 46.105.55.2then the DNS isn't even used.
I can ping just fine to them. I'm using pfBlocker-NG with the same feed as you.
-
Yes, if I use my phone data connection, I can get through. And if I turn off the
pfB_Top_v4rule, I can also get through.If they're blocking me or something on the way from me to them is blocking me, why is it if I disable the rule I'm able to get through? And if the rule isn't involved in this, why is pfSense reporting the following:
Jul 9 15:10:11 LAN pfB_Top_v4 (1770011752) TCP-S 192.168.1.100:41138 46.105.55.28:443 vm4.handbrake.fr FR CountryPlease, these aren't rhetorical questions. I would really like to gain better and deeper understanding of what's going on here.
What tools might I shed more light on what's happening?
-
@November said in Site being blocked by pfB_Top_v4 rule; whitelists not working.:
Yes, if I use my phone data connection, I can get through. And if I turn off the
pfB_Top_v4rule, I can also get through.If they're blocking me or something on the way from me to them is blocking me, why is it if I disable the rule I'm able to get through? And if the rule isn't involved in this, why is pfSense reporting the following:
Jul 9 15:10:11 LAN pfB_Top_v4 (1770011752) TCP-S 192.168.1.100:41138 46.105.55.28:443 vm4.handbrake.fr FR CountryPlease, these aren't rhetorical questions. I would really like to gain better and deeper understanding of what's going on here.
What tools might I shed more light on what's happening?
Your testing with your phone's data connection, and then disabling the pfB_Top_v4 list, indicates to me that most definitely that pfB_Top_v4 list contains that IP address. Most likely it is contained within a defined netblock in that list. You will need to open up that list and search all the 46.x.x.x addresses in it either using command-line tools such as
grepor by opening the file directly in an editor. I'm not a pfBlocker user, but if I recall correctly from posts by other users, the IP lists are not necessarily in numerical order. So search thoroughly the entire file. -
Hello!
I think that pfB_Top_v4 is part of the GeoIP (not DNSBL) system in pfb. Check in Firewall -> pfBlockerNG -> IP -> GeoIP -> Top Spammers and make sure that France is not selected as one of the top spammers.
Under Firewall -> pfBlockerNG -> IP is an IPv4_Suppression section that might whitelist IPs.John
-
While tools like pfBlockerNG can be very useful, some of the IP lists folks choose to use with it can be rather broad in what they block. Couple that with the fact some of the lists are poorly maintained, and you have a set of conditions that can frequently lead to unintended blocking of legitimate sites.
So users need to carefully review the lists they choose to use. Personally I am not a fan of large-scale blocking of netblocks, but others have a different view and to each his own. It is a rather frequent occurence of users breaking their Internet in some fashion with the use of either large numbers of "bad IP" lists they find on the web or using a VPN for privacy and running into the automatic blocks of a number of VPN provider netblocks by major sites (especially streaming services).
-
<aha-moment/> Yes, of course! That's one thing that I was missing! That must be why the whitelists I've been trying have been having no effect.
I had set up this rule to block both incoming and outgoing traffic. Since the list is for top spammers, I've allowed outgoing traffic to go through.
Thanks so much for the info that got things to click for me!
-
Hello!
Commands I have found helpful. Assumes you have a maxmind key, feeds selected/updated, etc...
Run from shell or DiagCommandPrompt...Check to see what country an IP is listed in :
grep "^46.105.*" /usr/local/share/GeoIP/cc/*Check to see which installed lists an IP is in :
grep "^46.105.*" /var/db/pfblockerng/deny/* grep "^46.105.*" /var/db/aliastables/*Check to see if a domain is listed in an installed dnsbl feed :
grep "handbrake" /var/db/pfblockerng/dnsbl/*I am sure there are others...
John
-
@bmeeks said in Site being blocked by pfB_Top_v4 rule; whitelists not working.:
by opening the file directly in an editor.
As I said above, open the file and check.
pfBlocker has a Firewall > pfBlockerNG > Log Browser option where you can see every (any !) file used by pfBlockerNG.
Hitting Ctrl-F (poor man's grep) for "46.1" did give two results for me, but not the network I was looking for.
This :
@serbus said in Site being blocked by pfB_Top_v4 rule; whitelists not working.:
I think that pfB_Top_v4 is part of the GeoIP (not DNSBL) system in pfb. Check in Firewall -> pfBlockerNG -> IP -> GeoIP -> Top Spammers and make sure that France is not selected as one of the top spammers.
answers one of my own questions : where does "pfB_Top_v4" come from - as I started to think that this list isn't identical for us all.
Of course : it's build from GeoIP data !This :
[grep "^46.105." /usr/local/share/GeoIP/cc/](link url)
returns, among others/usr/local/share/GeoIP/cc/FR_v4.txt:46.105.0.0/18right away - and a lot more.
I still could find a network match for 46.105.55..... - but, because I'm living in France, I do not (not) have FR checked in the GeoIP selection - didn't know they could spam over here, as we have laws that say that that isn't allowed ... ( ;) )edit : I'm getting to old for this ?
I actually "own" (rent for live) a 46.105.x.y IP ( 46.105.79.38 to be exact) it's my own family name domain name IP ...... (me banning my haed early in the morning). Back then, it wasn't really known to be in "France" - Google said it was based ine the ... US. That changed.
I'm off selecting FR in the GeoIP lists .. see if I'm about to blacklist myself ....
