pfBlockerNG blocks my entire network
-
I cant reach my Firewall or access internet after enabling pfblocker services.
It works for a while and all my interfaces stops working I have to restart the firewall which works for a short period to disable it before everything works normally. Please help me with your experience. -
@JHODZ said in pfBlockerNG blocks my entire network:
I have to restart the firewall which works for a short period to disable it before everything works normally
When you disable (uncheck the Enable box) pfBlockerng, everything works fine ?
If so, what are your pfBlockerng settings ?
What happens when you enable pfBlockerng,
and : NOnoe of the IP settings :
and no DNSBL settings (no feeds, no options)
does "it work" (without pfBlockerng doing anything).
When exactly this issue happens ?
On the main Firewall > pfBlockerNG > IP page, do you ask to create firewall rules ? What settings ?
-
Let me try that and give you the feedback and to answer your first question, when i disable it everything works just fine.
-
When you installed pfBlockerNG, and activate it - without doing anything else - it does .... nothing.
As there are no IP feeds loaded, and no DNSBL (I actually cant' recall if it is pre loaded with one small DNSBL).
DNSBL feeds are not used by pfBlockerNG, they are fed to the local resolver, so it knows what host names not to resolve, and just return "127.0.0.1" or "0.0.0.0" as this indicated to the requesting device : "No A record found - host does not exist".Btw : You use pfSense 2.7.2 or pfSense 23.09.1, as any other, lower versions can/will produce major issues.
-
@JHODZ I tried disabling IP and Putting no feed into the DSBL yet i cant access the internet and communication between interfaces becomes very slow (Non-responsive). Also my pf plus version is 23.09.1-RELEASE
-
Just a wild guess : under Firewall > pfBlockerNG > DNSBL
This IP doesn't conflict with any of your interfaces ?
-
@Gertjan No Please. I have even changed it
-
Are you allowed to use 12.10.100.1 ??
As stated : use an IPv4 that is RFC1918.Example :
[23.09.1-RELEASE][root@pfSense.bhf.tld]/root: ping 12.10.100.1 PING 12.10.100.1 (12.10.100.1): 56 data bytes 64 bytes from 12.10.100.1: icmp_seq=0 ttl=236 time=123.601 ms 64 bytes from 12.10.100.1: icmp_seq=1 ttl=236 time=123.248 ms ^C --- 12.10.100.1 ping statistics --- 3 packets transmitted, 2 packets received, 33.3% packet loss round-trip min/avg/max/stddev = 123.248/123.425/123.601/0.176 msYou have a huge security issue
Or
You are using an IP that you do not own [ I vote for this one ].The latter can/will create routing problems.
-
@Gertjan noted am reviewing this will give you the feedback but also if I may ask I changed my web interface port can it also cause any issue with pfblocker
-
@JHODZ I also checked from my logs and got this error
[1708589241] unbound[97875:0] error: bind: address already in use
[1708589241] unbound[97875:0] fatal error: could not open ports -
@JHODZ said in pfBlockerNG blocks my entire network:
[1708589241] unbound[97875:0] error: bind: address already in use
[1708589241] unbound[97875:0] fatal error: could not open portsThat means that unbound was told to stop, but didn't (in time). then it get restarted, but it can't, as the previous instance is still shutting down, or even dead.
Solution : console or SSH, option 8, and :ps ax | grep 'unbound'and kill all the lines like these :
17516 - Ss 16:07.53 /usr/local/sbin/unbound -c /var/unbound/unbound.confso
kill 17516and when done, start unbound in GUI.
@JHODZ said in pfBlockerNG blocks my entire network:
ask I changed my web interface port
Like :
why not.
( as long as it isn't used by another process ^^ ) -
@JHODZ said in pfBlockerNG blocks my entire network:
No Please. I have even changed it
You didn't change it, but it lists 12.10.100.1 as its vip? That sure looks like it was changed to me.. Where it would it come up with such an address?
-
@Gertjan yes i dd changed it
-
@JHODZ yeah my bad, couldn't read this morning I guess.. but 12.something would be a really bad choice.. And points out it should be rfc1918..
-
Hi all, I got it to work by changing some of the ports, but I can't run DNSBL in python mode allthough unbound mode works fine. Please is there anything else am missing.
-
@JHODZ said in pfBlockerNG blocks my entire network:
Please is there anything else am missing.
Missing what - you have given no info on how your setup..
-
@JHODZ said in pfBlockerNG blocks my entire network:
but I can't run DNSBL in python mode
Because ?
You don't want to ?
Some other reason ?edit :
"Python mode" is what the unbound authors advice to use when you want, for example, add dnsbkl type files. This 'mode' speeds up drastically the start and restart of unbound. -
@Gertjan I meant I am unable to run dnsbl in Python mode. Webpages takes long time to load
-
How much DNSBL feeds do you have :
What does this log show you when you reload pfBlockerng like this :
Do the test both in unbound and Python mode.
