Netgate blocked my public IP on ACB

Gi82

Netgate has blocked my public IP on ACB. Not a VPN IP, I mean my personal, static, public IP.

I opened a TAC and the technician told me that the IP was blocked “due to too many queries to our backend from that IP, and not only ACB” (whatever that means) and cannot be unblocked. End of explanation.

So now I can't update my build or download any packages from the Package Manager, making my firewall a useless box. Unbelievable!

They didn't even want to explain what I did wrong (probably too many backups uploaded, but the “backup on every change” setting is there to be used, I guess, and that "not only ACB" is making me wonder what on earth they were referring to), nor did they show any desire to solve my problem.
I'm really speechless.

Anyone else in my situation?

stephenw10

Hmm, it would be very hard to hit any sort of limit on the ACB backend. There is a limit on the pkg repos if for some reason the firewall is hammering them.

What error are you seeing?

Is it the same public IP you are connecting to the forum from?

stephenw10

Oh I see it. Yes your IP was blocked because it was hammering the pkg repos. 11000 requests in 24hrs!

That was done back in July though. Was ACB working more recently?

Do you have multiple firewalls using that public IP?

Gi82

Hey @stephenw10, thank you for answering and checking! Appreciate it.

11,000 requests in 24 hours is crazy!!!
It wasn't intended, nor was it obviously done by me personally (11,000 clicks in one day is record-breaking).

Anyway, no, my public IP is managed by a single pfSense...
Have you had similar experiences? What could it have been? I don't want it to happen again.
But above all, can it be fixed?

Thank you very much again.

Gi82

@stephenw10 forgot to say: I don't know if it was working, I realized today it is not.
I can't, obviously, check my uploaded backup to verify they worked.

stephenw10

Mmm, OK found your ticket. It does look like it hasn't checked in since July 12th. Does it show a very large number of alerts?

Can you think of any reason there might have been such a high request rate? Multiple firewalls behind it is most likely.

Gi82

@stephenw10 Yes, it showed a high number of alerts saying “An error occurred while uploading the encrypted pfSense configuration to https://acb.netgate.com/save (Connection timed out)”.
I noticed it today because I wanted to upgrade the build and install some packages.

I can confirm that I only manage one pfSense, with a fairly standard segmented LAN behind it.

Today I ran several analyses to see if there were any rogue devices on my network, but I didn't find anything, and in any case, I don't think that even if there were, it would hit the ACB repositories, but never knows...

I really don't know what to think.

stephenw10

It wasn't ACB it was hitting it was the repo data servers. As though it was running 'pfSense-repoc' continually, or multiple devices running it. Let me see....

tinfoilmatt

I wonder if this post is relevant perhaps?

stephenw10

I believe is was actually a home assist plugin misbehaving.

Gi82

@tinfoilmatt Thank you very much for the suggestion.
As Stephen said, the most likely hypothesis is that a Home Assistant integration caused the problem.
Unfortunately, I don't have any logs to confirm this hypothesis, but the integration was (afaik) the only thing besides me that had control over pfSense, so it's the main suspect.

Gertjan

@tinfoilmatt said in Netgate blocked my public IP on ACB:

I wonder if this post is relevant perhaps?

This post shows : at 7 AM, 30 minutes, so ones a day, an "pkg update" is executed, a bit like option 13 on the console or visiting System > Package Manager inn the GUI, although the latter might work with a cache.

You could decide to do the update test every 5 minutes (or even less ?), and that means the Netgate update servers are hit 288 times per day by your pfSense.
Common sense would tell us this isn't a wise thing to do.

stephenw10

Yeah, it was a lot more than that. I don't think it would be possible to do it deliberately. It seems more likely a bug in the plugin at that time.

tinfoilmatt

@Gertjan Don't get me wrong, it's a useful script. Was a pure shot in the dark.

Gi82

@SarahBrown13 Actually after a few days of discussions and examinations on TAC and here in the forum, my IP was unblocked.
The guys were great.
Only the technician who first responded to TAC cut short immediately, showing no desire to go into detail nor help me, which annoyed me quite a bit.

tinfoilmatt

@SarahBrown13 said in Netgate blocked my public IP on ACB:

Still, refusing to unblock it and giving no real explanation isn’t a great look.

We've all interacted with someone lacking ambition to help. This person must've felt like there was nothing they could do for some reason.

Popolou

Unfortunately, we've all had experience with those sort of characters. Perhaps they assumed the user was say, a Chinese reseller but didn't want to come out with it.