PFSense w/ Unbound and PFBlockerNG-devel Fails to load some sites until reboot

  • I'm running PFSense using the DNS resolver, PFBlockerNG-devel and Suricata. I am having an issue where some sites will randomly fail to load on any device until the firewall is restarted. I have tried restarting the DNS resolver service and setting devices to use Google DNS; however, the only way to access the site is to use a VPN. I'm not sure where to go from here, so any help would be appreciated.

  • @CDTech You needed to update and reload pfBlockerNG-Devel ... restarting Unbound is not sufficient as you had discovered. Alternatively, you may reboot pfSense as you had discovered, worked. I take it you had added some sites to white list or suppression list.

  • @NollipfSense No, no changes from standard lists. pfBlocker logs don't seem to show anything obvious that's being blocked, just ad domains that are unrelated to the sites I can't access.

  • @CDTech do you have Suricata running in IDS (detection) or IPS (protection) mode? If Suricata is blocking on alerts (legacy mode IPS), then you can have a lot of sites "break" depending on how it's set up. Even if you disable Suricata, it won't solve the issue. You would have to disable Suricata or switch to detection mode only and then go to the Blocks tab and clear all blocks.
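
A small diagnostic for the situation Raffi_ describes, added here as an example and not taken from the thread or from the pfSense or Suricata projects: in legacy IPS mode the Suricata package inserts offending addresses into the pf table `snort2c`, and those entries outlive an Unbound restart, so a site "breaks" until the block is cleared. The script cross-references the addresses a failing site resolves to (obtained with `dig` or `nslookup`, passed in by hand) against a copy of that table (`pfctl -t snort2c -T show` on the firewall) and the alerts in Suricata's `fast.log`, reporting which IPs are blocked and which rule fired. The table contents and log lines below are constructed sample data.

```python
import re
from typing import Dict, Iterable, List

# Constructed sample of `pfctl -t snort2c -T show` output (one address per line).
SNORT2C_TABLE = """\
203.0.113.10
198.51.100.77
"""

# Constructed sample lines in Suricata fast.log format (rule ids are made up).
FAST_LOG = """\
05/01/2024-10:15:22.123456  [**] [1:2012345:3] ET POLICY Example Policy Alert [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.1.20:51234 -> 203.0.113.10:443
05/01/2024-10:16:01.654321  [**] [1:2019876:2] ET INFO Example Info Alert [**] [Classification: Misc activity] [Priority: 3] {UDP} 192.168.1.20:53412 -> 198.51.100.77:53
"""

# Parses the fast.log layout: timestamp, [**] [gid:sid:rev] message [**] ... {proto} src:port -> dst:port
FAST_LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s*$"
)


def parse_table(text: str) -> set:
    """Return the set of addresses listed in a pf table dump, ignoring blanks and comments."""
    return {line.strip() for line in text.splitlines()
            if line.strip() and not line.lstrip().startswith("#")}


def parse_fast_log(text: str) -> List[Dict[str, str]]:
    """Return one dict per parseable alert line; lines that do not match are skipped."""
    alerts = []
    for line in text.splitlines():
        m = FAST_LOG_RE.match(line)
        if m:
            alerts.append(m.groupdict())
    return alerts


def explain_blocks(site_ips: Iterable[str], table_text: str, log_text: str) -> Dict[str, dict]:
    """For each address the failing site resolves to, report whether it sits in the
    snort2c table and which alerts (sid + message) involved it as source or destination."""
    blocked = parse_table(table_text)
    alerts = parse_fast_log(log_text)
    report = {}
    for ip in site_ips:
        hits = [f"{a['sid']}: {a['msg']}" for a in alerts if ip in (a["src"], a["dst"])]
        report[ip] = {"blocked": ip in blocked, "alerts": hits}
    return report


if __name__ == "__main__":
    # Addresses you would get from `dig +short <failing-site>` (constructed here).
    for ip, info in explain_blocks(["203.0.113.10", "192.0.2.5"], SNORT2C_TABLE, FAST_LOG).items():
        state = "BLOCKED" if info["blocked"] else "not blocked"
        print(f"{ip}: {state}; alerts: {info['alerts'] or 'none'}")
```

On a real firewall you would feed in the actual table dump and `/var/log/suricata/suricata_<iface>/fast.log`; an address that shows as blocked with a low-priority or informational rule is the usual sign that the rule should be suppressed or the instance moved to detection-only mode, after which the entry is cleared from the Blocks tab.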

  • @Raffi_ thanks for that. I've been advised to try disabling the pfBlocker Snort rules elsewhere, so I'm trying that now. If it doesn't work I'll try this next :)