pfBlockerNG uninstalled and sites still blocked. Safe to delete remaining files?
-
I'm currently experiencing Google domain(s) and random tech sites being blocked on my network. As a last resort (after whitelisting and disabling dnsbl didn't revive the sites) I've uninstalled pfBlockerNG completely, however a few traces remain. I'm not familiar with BSD beyond the pfsense gui so wanted to confirm if the below files are safe to delete before doing so.
/usr/local/www contains a pfblockerng folder with geoip files
The nested www folder contains what I'm guessing is the webpage.php thats supposed to be served when you've reached a blacklisted page
There were also alias and cron stuff left over but doubt has play here and I removed via gui
As for the errors, Google/Youtube/etc are pingable and traceroute from wan makes 3 hops out before dying. ExpressVPN failing with an oddball 0.0.0.1. The sites are hit or miss depending on the vlan (direct ethernet connection to switch) I'm on. 2 being routed through WAN/spectrum, other 2 being through vpn gateway.
I tried looking for a dnsbl certificate on my mac but keychain is clear, safari doesn't give a certificate and chrome provides the below
-
@booshwa pfBlocker blocks by either firewall rules (visible in GUI) or DNS (nslookup). There is a checkbox to keep or remove pfB settings when uninstalling, which defaults to keep. You might reinstall then set that to remove everything.
-
@SteveITS Thanks for that, I originally unchecked the 'keep settings' checkbox which left the above. Reinstalling then uninstalling after unchecking the box still leaves /usr/local/www/pfsense and contents
As for rules, they are more or less the same across the network with respect to gateways
Unfortunately Google and others are still blocked after clearing cache and restarting DNS Resolver, though nslookup resolves and traceroute moves further up the chain when going from firewall
from a computer on VLAN10_HOME
I didn't mention my setup in the original post so doing that now
Device: Netgate SG-5100
OS: 23.05-RELEASE (amd64)
pfBlockerNG-Devel version: 3.2.0_5- Also installed/uninstalled pfBlockerNG 3.2.0_5 separately but removed immediately with Keep Settings unchecked
I upgraded from 23.01 last week in an attempt to install the newer pfBlockerNG and resolve these lingering problems
-
@booshwa if it’s resolving to a correct IP and traffic exits your router it seems unlikely your firewall is blocking anything…?
-
@SteveITS you are correct and admittedly this steps into areas of troubleshooting where I'm not familiar beyond clearing local cache.
My next step for verifying cache problems on my mac was to restart DNS Resolver and start up a blank windows vm on a different vlan. After about 8 minutes the site finally loaded in the windows vm. My mac on VLAN10_HOME still not loading. Both gateways through ExpressVPN
Thanks for giving me some of your time! I'll keep plugging away
-
@booshwa Loading after 8 minutes sounds like packet loss or routing problems to me. Try without the VPN?
-
@SteveITS Thanks for that tip, without vpn the sites would hang until it timed out. Changing dns resolver's outgoing interface to wan allowed the site to load. Somewhere the upstream dns was failing, so I shut down the box for 30 minutes to get a new gateway ip and virtual address.
The sites seem to be loading consistently now
-
As soon as I post that it goes back down..