Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Odd pfblockerng behavior

    Scheduled Pinned Locked Moved pfBlockerNG
    6 Posts 4 Posters 33 Views 4 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • BiloxiGeekB Offline
      BiloxiGeek
      last edited by

      Sometime over the weekend my pfblockerng started behaving differently. Ads in iOS games started leaking through when they had been pretty effectively filtered previously. And if pfblockerng is enabled YouTube TV on my Roku devices won't connect. I haven't changed anything recently so I'm not sure where I should be going to look to change the config to fix these issues.

      S GertjanG 2 Replies Last reply Reply Quote 0
      • S Offline
        SteveITS Galactic Empire @BiloxiGeek
        last edited by

        @BiloxiGeek Well any list of ad servers will change over time.

        Are you blocking DoH/DoT in pfBlocker? That will bypass any local DNS.

        Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to reboot, or more depending on packages, CPU, and/or disk speed.
        Upvote 👍 helpful posts!

        1 Reply Last reply Reply Quote 0
        • GertjanG Offline
          Gertjan @BiloxiGeek
          last edited by

          @BiloxiGeek said in Odd pfblockerng behavior:

          And if pfblockerng is enabled YouTube TV on my Roku devices won't connect

          Doesn't pfBlockerng mention the DNS request from the Roku blocked ?
          Firewall > pfBlockerNG > Alerts

          @BiloxiGeek said in Odd pfblockerng behavior:

          Ads in iOS games started leaking through

          Check the other log : Firewall > pfBlockerNG > Unified and look for the IP in the Source common. If these 'new' add servers are ... well .. new, and not part of any list, they will show up.
          Another explanation : If the iPhone decides (with some user help of course ^^) not use use pfSense as its DNS source, then it's normal that pfBlocker can't do it's work.
          Other reasons ?

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          1 Reply Last reply Reply Quote 0
          • tinfoilmattT Offline
            tinfoilmatt
            last edited by

            @BiloxiGeek said in Odd pfblockerng behavior:

            Ads in iOS games started leaking through

            Almost inevitably DoH 'leak.'

            @Gertjan said in Odd pfblockerng behavior:

            Firewall > pfBlockerNG > Alerts

            Firewall / pfBlockerNG / Reports / Alerts [or Unified]

            1 Reply Last reply Reply Quote 0
            • BiloxiGeekB Offline
              BiloxiGeek
              last edited by BiloxiGeek

              I'm trying to figure out what IPs are responsible for the ADs. Is there a guide to the best way to track which DNS requests are coming from a specific device so I can monitor while playing those games and get a list of the lookups happening? I got the Alerts - Filter set but I'm not seeing new entries, kinda like it's got the lookup cached so it's not doing a query.

              Added: While playing a couple games to force an ad lookup it's not getting the ads now. Maybe I just needed to wait for the block lists to update or something along those lines.

              tinfoilmattT 1 Reply Last reply Reply Quote 0
              • tinfoilmattT Offline
                tinfoilmatt @BiloxiGeek
                last edited by tinfoilmatt

                @BiloxiGeek You can always run Wireshark on a compatible device, filtering the capture by "port 53". But this would not show any queries made via HTTPS (i.e., DoH).

                You could also include "or port 853" in your capture filter to show DoT traffic. But the queries themselves would be encrypted.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.