pfB_PRI1_v4 - blocking common websites
-
Hi,
I've noticed the pfSense FW has started blocking some common websites, one in particular is:
https://www.slamcity.com/ (there are others)
After trying to locate the issue I tried disabling the pfB_PRI1_v4 rule on the LAN; when I disable the rule, the site works.
How do I find out why this site is being blocked and then add it to a whitelist?
Also, how will I know what other innocent sites are being blocked?
The packet shows the handshake being reset (I think) - Flags: 0x014 (RST, ACK). So maybe something else is going on here?
Thanks for your help,
Andy
-
@mrfrenchfry You can inspect blocking with the Reports/Alerts tab. From there you can whitelist/suppress Domains or IPs.
Click on all icons to get detailed information on settings.
-
I would imagine that this could contribute to the fact that you can't use Firefox default page as a search engine here and have to use local google domains to get the search engine going...
-
@ronpfs Thanks, I checked the alerts and can't see any entries for the IP or domain being blocked.
However, when checking the blocked IP URL Tables for PRI1_V4 I can see the entry for 23.227.38.65
This is an IP for Shopify and hosts many webshops, including the one that is blocked above, www.slamcity.com
Firstly, should pfSense alerts show this entry when I try to resolve the IP or web address? I don't see it in the alerts and nothing filters for those addresses. Surely when I try and access that site and it's blocked it should be visible in the reporting and alerts?
Second, I have added that site to the DNS WL but it still doesn't work. How can I add an IP to a whitelist?
Thanks for your help!
-
@mrfrenchfry said in pfB_PRI1_v4 - blocking common websites:
However, when checking the blocked IP URL Tables for PRI1_V4 I can see the entry for 23.227.38.65
Which one ?
@mrfrenchfry said in pfB_PRI1_v4 - blocking common websites:
Firstly, should pfSense alerts show this entry when I try to resolve the IP or web address?
Only host names can be resolved (to IP).
IPs can't be resolved to IPs as they are already IPs.
@mrfrenchfry said in pfB_PRI1_v4 - blocking common websites:
Surely when I try and access that site and it's blocked it should be visible in the reporting and alerts?
Be aware: there is this option that adds the IP to an IP list (firewall alias) that blocks any further references to this domain.
The alerts page will not mention the domain name any more, as any traffic hits the firewall, and is blocked. Making firewalls log can be done, but be warned for HUGE log files which will overflow very rapidly.
@mrfrenchfry said in pfB_PRI1_v4 - blocking common websites:
How can I add an IP to a whitelist?
Like this :
I have these DNSBL feeds :
Let's take the BBcan177 as an example.
From here :
I have a reference of the original data file.
Let's check :
Let's take "tl9pb.pheikmajide.com" as an example.
When I open a browser and paste that URL, I get .....
Ok, pfB works;
Now, have a look at the alert page :
There it is :
I'm going to white list this URL, by clicking on the + - Yes, Yes for wild card - Yes for adding a comment, and yes.
Note that I saw a message when the adding (white listing) was done :
No big deal, I do what I was told to do :
I opened a new browser (browser also cache URL's) and ....
Bad luck : the site URL was already non-responsive / already taken down.
You saw the ERR_NAME_NOT_RESOLVED message ?
Btw :
Meanwhile, in the list with DNSBLs that are white listed :
so, "http://tl9pb.pheikmajide.com/" is white listed as from now.
I did a second test :
This one :
So I got :
I white listed the thing :
Did the local DNS flush and a quick DNS test :
Promising, this one resolves now to an IP.
And bingo : white listed : we got a pure BS site :
As you can see, prissypreps.com forwards us to relaystor.xyz.
Now, what is your issue ?
-
@gertjan said in pfB_PRI1_v4 - blocking common websites:
@mrfrenchfry said in pfB_PRI1_v4 - blocking common websites:
However, when checking the blocked IP URL Tables for PRI1_V4 I can see the entry for 23.227.38.65
Which one ?
This one
Now, what is your issue ?
I want to remove that IP from the table.
-
@mrfrenchfry said in pfB_PRI1_v4 - blocking common websites:
I want to remove that IP from the table.
Go here :
Go downwards.
You'll find :
Click on the + sign on the right.
Add your IP and mask.
Save with the blue button at the bottom of the page.
Update > Reload > All.
Done. The IP is removed from the Alias table.
Btw : the IP is listed by some IP feeds that you included yourself.
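
Added example, not part of any post in this thread: a small check for which IP feeds list a given address, useful before whitelisting it. It matches CIDR ranges as well as single addresses, because a plain text search for 23.227.38.65 would miss a feed that lists it inside a range. The feed names and contents below are constructed, and the one-IP-or-CIDR-per-line format with `#` comments is an assumption about the feed files.

```python
import ipaddress


def parse_feed(text):
    """Yield networks from feed text (assumed: one IP or CIDR per line, '#' comments)."""
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # strict=False accepts entries such as 10.0.0.5/24 with host bits set
            yield ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # skip lines that are not an IP or CIDR


def feeds_listing(ip, feeds):
    """Return {feed_name: [matching entries]} for every feed that covers ip."""
    addr = ipaddress.ip_address(ip)
    hits = {}
    for name, text in feeds.items():
        matches = [
            str(net)
            for net in parse_feed(text)
            if net.version == addr.version and addr in net
        ]
        if matches:
            hits[name] = matches
    return hits


# Constructed sample data: hypothetical feed names and entries, not real feed contents.
SAMPLE_FEEDS = {
    "feed_a.txt": "# constructed\n198.51.100.7\n23.227.38.65\n",
    "feed_b.txt": "203.0.113.0/24\n23.227.38.0/24 # constructed CIDR entry\n",
    "feed_c.txt": "192.0.2.10\nnot-an-ip\n",
}

if __name__ == "__main__":
    for feed, entries in feeds_listing("23.227.38.65", SAMPLE_FEEDS).items():
        print(f"{feed}: {', '.join(entries)}")
```
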