pfBlockerNG blocked access to pfsense
-
This morning I had no internet access and couldn't even ping my pfsense router's IP address at 192.168.1.1 from the LAN, so I had to power cycle the router. After a reboot I was able to access the internet again. I tried to log in to the router to attempt to figure out what happened and was greeted with a block page with the message (I also tried from different clients on the LAN):
Referer | Client | Type | Group | Evaluated Domain | Feed
Unknown | 192.168.1.84 | Unknown | Unknown | Unknown | Unknown
I had to restore to a previous configuration from the pfsense shell to get back into the pfsense web interface and have immediately disabled pfBlockerNG for the time being.
What's the best way to determine what happened here and resolve the problem so I can re-enable pfBlockerNG?
-
If a LAN device "92.168.1.84" can't even ping "192.168.1.1" (pfSense, right ?), and you think it's pfBlocker ... that's quite impressive.
Visiting the pfSense web GUI, using "http://192.168.1.1" and you see this :

isn't normal at all.
Best solution : have a talk with the admin. I don't know what he's doing, but we all agree that he might do his job a bit better.
As usual :
What pfSense version ? pfBlockerng version ?
The fact that IP(s) (and not host names) are blocked means you have IP settings (feeds, etc) :
This page :
and the IPv4, IPv6 etc pages.
If, by accident, you use an IP feed that contains "192.168.1.0/24" and you have pfBlockerng filter your LAN, then, yeah, that will be an issue.
This is just an example of course, IP feeds shouldn't contain RFC1918 networks.
Show also your :

settings.
My personal advice : use Null blocking :

@Doody said in pfBlockerNG blocked access to pfsense:
What's the best way to determine what happened here and resolve the problem so I can re-enable pfBlockerNG?
Compare the config you used 'before' and the current one.
The differences will be minor, and all pfBlockerng settings will explain the 'why'.
Go here : Diagnostics > Configuration History and you see there is a GUI tool just for that.
( I never used it myself ^^ )
-
@Gertjan said in pfBlockerNG blocked access to pfsense:
If a LAN device "92.168.1.84" can't even ping "192.168.1.1" (pfSense, right ?), and you think it's pfBlocker ... that's quite impressive.
Well, it seems more than a coincidence that I had to power cycle my router and then was unable to access the web interface of my pfSense router as it was blocked by pfBlockerNG, even though I had made no changes to any config.
I do use IP feeds

So it's highly possible that this IP address had been added during a blocklist update.
Thanks I will compare the config.
pfBlockerNG 3.2.8
pfsense 2.8.1-RELEASE (amd64)
I don't seem to have the option Null block (logging)
-
@Doody said in pfBlockerNG blocked access to pfsense:
I don't seem to have the option Null block (logging)
Go to Firewall > pfBlockerNG > DNSBL and make sure you use :

and also :

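Before re-enabling pfBlockerNG, a downloaded IP feed can be checked offline for entries that cover private address space, the failure mode raised earlier in the thread (a feed containing something like 192.168.1.0/24). This is an added example, not code from any poster in this thread or from pfBlockerNG itself; it assumes a plain-text feed with one IP or CIDR per line and optional `#` comments, and the function names and sample feed are made up for illustration.

```python
import ipaddress

# RFC1918 private ranges plus loopback; IP feeds should never cover these.
PROTECTED = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse_entry(line):
    """Return the network on a feed line, or None for blanks, comments, junk."""
    token = line.split("#", 1)[0].strip()
    if not token:
        return None
    try:
        # strict=False accepts host bits set, e.g. 192.168.1.84/24
        return ipaddress.ip_network(token, strict=False)
    except ValueError:
        return None

def find_local_overlaps(feed_lines, protected=PROTECTED):
    """List (line_no, entry, protected_net) for entries touching local space."""
    hits = []
    for line_no, line in enumerate(feed_lines, start=1):
        net = parse_entry(line)
        if net is None:
            continue
        for local in protected:
            # Compare only same-family networks (IPv4 vs IPv4).
            if net.version == local.version and net.overlaps(local):
                hits.append((line_no, str(net), str(local)))
    return hits

# Constructed sample feed (not real feed data).
SAMPLE_FEED = """\
# constructed example feed
203.0.113.0/24
198.51.100.7
192.168.1.0/24   # covers the LAN used in this thread
192.0.0.0/3      # overly broad entry that also covers 192.168.0.0/16
not-an-ip
""".splitlines()

if __name__ == "__main__":
    for line_no, entry, local in find_local_overlaps(SAMPLE_FEED):
        print(f"line {line_no}: {entry} overlaps {local}")
```

Any line it reports is a candidate for the feed entry that ended up blocking LAN clients such as 192.168.1.84.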