Netgate Discussion Forum

While pfBlocker updates interface rules pfSense ignores floating rules

pfBlockerNG
4 Posts 2 Posters 388 Views
  • Ellingson
    May 16, 2024, 5:23 PM

    Very interesting thing is happening.

    I noticed that when pfBlocker is running its hourly cron to get updated feeds, pfSense seems to ignore the floating rules while the interface rules are being updated. To simplify things...

    I use floating rules (pass, quick) to allow my private DNS resolver (AdGuard on a Raspberry Pi) to access Quad 9 DNS servers via TCP 443 and 853.

    I use pfBlocker to manage interface rules to block everyone from accessing any DNS service other than my private resolver.

    This works fantastic, except for about 90 seconds every hour when the cron for pfBlocker runs. After the updated IP lists are downloaded, it applies the changes to the interface rules. While those are being updated, it seems the floating rules are ignored and my private DNS resolver is blocked. Again... for just that 90 seconds or so. Then it works as normal.

    Crazy, eh?

    • SteveITS Galactic Empire @Ellingson
      May 16, 2024, 9:26 PM

      @Ellingson How long does a filter reload take? Status > Filter Reload, and the Reload Filter button (arrows).

      Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
      When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
      Upvote 👍 helpful posts!

      • Ellingson @SteveITS
        May 16, 2024, 9:33 PM (last edited by Ellingson May 16, 2024, 10:08 PM)

        @SteveITS It is nearly instant. Think it has to do with writing to the aliases?

        • Ellingson
          May 22, 2024, 3:36 AM (last edited by Ellingson May 22, 2024, 3:37 AM)

          I changed the feeds to be once daily, but just like clockwork, at 20 or so seconds after the hour, every hour - for 90 seconds the floating rules are ignored. Continuing to see what could cause this. Open to ideas.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.