Netgate Discussion Forum

pfblocker is not working. it does not block anything.

  • N
    noonstarx
    last edited by Sep 26, 2022, 6:17 AM

    Re: pfBlockerNG-devel v3.1.0_0

    Hi. I am quite new to using pfblockerng_devel 3.1.0_4. I have installed and configured pfblockerng. It has created two sets of floating rules in firewall. I do not know what the problem is, but it appears it does not block anything. My guess is it has to be something with the firewall rules or something else that I am missing here.
    Who can help please?

    • G
      Gertjan @noonstarx
      last edited by Sep 26, 2022, 6:48 AM

      @noonstarx

      What does the widget show ?
      Something like :

      bcc81f1c-9a28-404d-8a0b-8dbcfdaa5daa-image.png

      What do you see under Firewall > pfBlockerNG > Alerts ?

      Both pfb_* processes are running :

      14bb0810-d51d-42a8-ab4f-096a3bfc0b17-image.png

      ?

      Do you have loaded DNSBL feeds ?

      @noonstarx said in pfblocker is not working. it does not block anything.:

      It has created two sets of floating rules in firewall.

      These floating rules are created if you've set up one or more feeds using IP addresses.

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

      • P
        publictoiletbowl
        last edited by Sep 26, 2022, 7:23 AM

        Mine is a different issue: out of 4 VLANs only 1 VLAN net is working, but those 4 VLANs were selected in the pfBlocker main setting.

        • N
          noonstarx @Gertjan
          last edited by Sep 26, 2022, 7:31 AM

          @gertjan Hi. Thanks for replying.

          Answer to your questions:

          My widget shows:
          0A.png

          My Alerts are:
          2A.png

          My Processes:
          1A.png

          And yes, I have loaded DNSBL feeds.

          • G
            Gertjan @noonstarx
            last edited by Sep 26, 2022, 8:19 AM

            @noonstarx

            We're both using the same DNSBL feed/list :

            39269324-d800-44b4-85ba-6df65405f091-image.png

            so, instead of locating this file on pfSense, let's get the first line from here https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts

            Here it is :

            bad80462-ed5f-4967-afc7-bf109cde602b-image.png

            Let's test the first one, eu1.clevertap-prod.com, on a device on my LAN :

            C:\Users\Gauche>nslookup eu1.clevertap-prod.com
            Serveur :   pfSense.brit-hotel-fumel.net
            Address:  192.168.1.1
            
            Nom :    eu1.clevertap-prod.com
            Address:  0.0.0.0
            

            0.0.0.0 => blocked.

            Btw : 192.168.1.1 is my pfSense, and I'm using the resolver unbound - using Python mode.

            and this event is logged :

            5fda3213-9f69-473e-8388-7427dc507a67-image.png

            @noonstarx said in pfblocker is not working. it does not block anything.:

            My Alerts are:

            Your log shows filtered stuff on the WAN interface.
            You have NAT rules ? Or letting traffic in ?
            If not, don't bother filtering the WAN.

            • B
              Bob.Dig LAYER 8
              last edited by Sep 26, 2022, 8:29 AM

              At least you have alerts... I don't see any for ages now but it is blocking just fine.

              • G
                Gertjan @Bob.Dig
                last edited by Sep 26, 2022, 8:45 AM

                @bob-dig said in pfblocker is not working. it does not block anything.:

                I don't see any for ages now but it is blocking just fine.

                You're probably not looking at who is knocking on the closed door : the WAN, and that's a wise thing.
                Furthermore, your LAN clients are not visiting prohibited IPs, that's also a good thing.

                I had one last August, 4:

                e8d97bde-4609-4a77-adb1-9dbabf0a2a80-image.png

                and that was me testing an IP, using a PC on my LAN, 192.168.1.6.

                The DNSBL (Python) part is full of attempts, like our Samsung 'Samsung' TV trying to call 'home'.

                a1a8efa7-318e-437e-9b78-ebad6b68894f-image.png

                Even the PC I'm using right now is trying to contact "incoming.telemetry.mozilla.org". Probably Firefox calling home.

                • B
                  Bob.Dig LAYER 8 @Gertjan
                  last edited by Bob.Dig Sep 26, 2022, 8:49 AM Sep 26, 2022, 8:48 AM

                  @gertjan Actually no, I don't know why but pfblocker is not showing any alerts here. I do block on WAN but only on ports that I had opened.

                  Screenshot 2022-09-26 104900.png

                  • N
                    noonstarx @Gertjan
                    last edited by noonstarx Sep 26, 2022, 9:07 AM Sep 26, 2022, 9:03 AM

                    @gertjan Hi. I still cannot figure it out.

                    There are a couple of NAT rules:

                    3A.png

                    and this:

                    4A.png

                    and I get DNSBL Block alerts from LAN interface as well. But when it comes to particular website block like facebook, still I cannot see any change.

                    and when:

                    C:\Users\user>nslookup facebook.com
                    Server: dns.google
                    Address: 8.8.8.8

                    Non-authoritative answer:
                    Name: facebook.com
                    Addresses: 2a03:2880:f167:81:face:b00c:0:25de
                    157.240.227.35

                    • G
                      Gertjan @noonstarx
                      last edited by Gertjan Sep 26, 2022, 9:23 AM Sep 26, 2022, 9:22 AM

                      @noonstarx said in pfblocker is not working. it does not block anything.:

                      There are a couple of NAT rules:

                      Those are not WAN based, they redirect 10.10.10.1, the IP of the built-in web browser, to 127.0.0.1 so it can show you the "You've accessed a blocked site" page.

                      Which, IMHO, is a useless functionality, as most sites are accessed by https these days, and https can't be redirected like that. Only ancient http requests could be redirected.

                      I'm not using this pfblockerng web server, but do 0.0.0.0+logging.

                      Your outbound nat rules are by default, that's fine.

                      This is pure BS :

                      @noonstarx said in pfblocker is not working. it does not block anything.:

                      C:\Users\user>nslookup facebook.com
                      Server: dns.google
                      Address: 8.8.8.8

                      why would you want your device (PC) to ask 8.8.8.8 to resolve for you ? ? ?

                      You are completely bypassing the resolver running on pfSense.
                      Conclusion : you are bypassing the pfSense resolver == bypassing pfblockerng. Remember : pfblockerng integrates itself into unbound, the resolver.

                      Read again :

                      3d213e58-f9be-4689-9793-242929fbeb5f-image.png

                      I guess it's 'case closed' now 😊

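The check this thread converges on (which resolver did the client actually ask, and did it return a sinkhole address), as an added Python example that is not part of any post. The function names are hypothetical; the resolver address 192.168.1.1 is the value from Gertjan's LAN, and the two sinkhole answers are the ones named in the thread (0.0.0.0 and the DNSBL address 10.10.10.1).

```python
import ipaddress

# Assumptions taken from the thread: the pfSense resolver address on
# Gertjan's LAN, and the two answers DNSBL is described as handing out
# for a blocked name (0.0.0.0, or the 10.10.10.1 block-page address).
PFSENSE_RESOLVER = "192.168.1.1"
SINKHOLE_ANSWERS = {"0.0.0.0", "10.10.10.1"}

def _ip(token):
    try:
        return str(ipaddress.ip_address(token))
    except ValueError:
        return None

def parse_nslookup(text):
    """Return (resolver_ip, answer_ips): the first address nslookup prints is
    the resolver that was asked, every later address is part of the answer."""
    ips = [ip for tok in text.split() if (ip := _ip(tok))]
    return (ips[0], ips[1:]) if ips else (None, [])

def dnsbl_verdict(text, resolver=PFSENSE_RESOLVER):
    asked, answers = parse_nslookup(text)
    if asked != resolver:
        return f"BYPASSED: query was sent to {asked} instead of {resolver}"
    if answers and all(a in SINKHOLE_ANSWERS for a in answers):
        return "BLOCKED: resolver returned a sinkhole address"
    return "ALLOWED: resolver returned real addresses"

# nslookup transcripts copied from the thread (Gertjan's LAN client, noonstarx's PC).
VIA_PFSENSE = """Serveur :   pfSense.brit-hotel-fumel.net
Address:  192.168.1.1

Nom :    eu1.clevertap-prod.com
Address:  0.0.0.0
"""
VIA_GOOGLE = """Server: dns.google
Address: 8.8.8.8

Non-authoritative answer:
Name: facebook.com
Addresses: 2a03:2880:f167:81:face:b00c:0:25de
157.240.227.35
"""

if __name__ == "__main__":
    for sample in (VIA_PFSENSE, VIA_GOOGLE):
        print(dnsbl_verdict(sample))
```

The parser keys on address tokens rather than on the `Server`/`Serveur` labels, so it handles both the French and English outputs posted above.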