• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

pfBlockerNG-Devel Troubleshooting mobile apps and sites not appearing under Reports

pfBlockerNG
1
2
601
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • B
    booshwa
    last edited by Feb 1, 2022, 3:24 AM

    Hi all,
    Admittedly I am new to pfSense and troubleshooting beyond the GUI, so please excuse if I'm missing something obvious.

    The issue I'm experiencing: The mobile app, Snapchat, fails to function properly due to an unbeknownst Feed in pfBlockerNG-Devel, Reports does not give any clue to which feed is causing the issue.

    When I search the source's address in Reports > Alert, nothing obviously close to Snapchat or it's CDN appears. If I go to www.snapchat.com, it appears as expected under DNSBL block Feed/Group EladKarako_BD/DNSBL_Malicious2. Unfortunately removing this group and attempting a reload via Update > Reload + DNSBL does not allow the app to load (typical iOS cache clearing was performed), although the webpage then functions properly.

    My troubleshooting so far:
    Removed EladKarako_BD from feeds and reloaded

    Added .snapchat.com to DNSBL whitelist, which allows the webpage to load but does not affect the app's functionality (CDN or different servers?)

    I've played the "click red lock until something works" game, but that seems inefficient and didn't work.

    Diagnostics > Tables > pfB_PRI1,2,3,4_v4 shows IP addresses, but I have no clue what IP address belongs to the server I need to communicate with.

    Status > Server > Restarted pfb_filter

    Firewall > pfBlockerNG > Logs > dnbsl.log shows Snapchat from browsing to webpage from my computer, nothing for mobile though.

    Status / System Logs / Firewall / Dynamic View (filtered by mobile device) > Nothing besides 17.0.0.0/8 and local

    Question: In scenarios where a blocked app does not appear in reports, how can I track down the causing feed or necessary servers/IPs to whitelist an application/webpage such as Snapchat

    Hardware: SG-5100 w/ 16GB RAM, 6.7GB disk space left (this was never upgraded from what the device ships with)

    Software: pfSense 21.05.1-RELEASE (amd64), pfBlockerNG-Devel 3.1.0_1
    Other packages installed: Avahi, snort (I checked snort as well but 99.9% of the time it reports nothing)

    This page mentions turning on Python mode and Null Block (logging) (Global) but I don't think my device can supported it due to the small hard drive.

    🔒 Log in to view

    B 1 Reply Last reply Feb 2, 2022, 4:02 AM Reply Quote 0
    • B
      booshwa @booshwa
      last edited by Feb 2, 2022, 4:02 AM

      Stress and tiredness had gotten the best of me but this is resolved. Wildcarding .snapchat.com in DNSBL whitelist did in fact resolve the issue.

      I have a raspberry pi running pi-hole and was able to see what queries were being made when the app loaded. From there I was able to confirm the requests being made and since pi-hole blocks out a few analytics, wildcarding in DNSBL did not seem like a horrible thing.

      Hope the steps above and the initial post helps someone else and keeps their SO from complaining :)

      1 Reply Last reply Reply Quote 0
      1 out of 2
      • First post
        1/2
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.