Determining which pfblocker rule(s) are blocking sites that shouldnt be blocked
-
Hi, I am using the package pfblocker to further block sites from various countries as well as from other custom lists gathered from the internet (known IP's for spywares, companies doing electronic recording, etc).
Since I installed pfblocker, all was fine (minus a few bugs and the need to restart pfsense). Then out of the blue two sites I regularly access (my bank website and Paypal) are no longer working because of pfblocker. I diagnosed by elimination, at the moment I disabled pfblocker, I could access these two sites without a glitch.
From the Firewall tab of the logs:
May 6 21:32:00 pf: XX.XX.XX.XX.50170 > XX.XX.XX.XX.563: Flags [P.], cksum 0xd147 (correct), ack 1, win 9258, options [nop,nop,TS val 259576838 ecr 261123793], length 138 May 6 21:32:00 pf: 00:00:05.119666 rule 1/0(match): block in on re1: (tos 0x0, ttl 64, id 54992, offset 0, flags [DF], proto TCP (6), length 190) May 6 21:31:55 pf: XX.XX.XX.XX.50170 > XX.XX.XX.XX.563: Flags [P.], cksum 0xe547 (correct), ack 1, win 9258, options [nop,nop,TS val 259571718 ecr 261123793], length 138 May 6 21:31:55 pf: 00:00:02.560106 rule 1/0(match): block in on re1: (tos 0x0, ttl 64, id 54991, offset 0, flags [DF], proto TCP (6), length 190) May 6 21:31:52 pf: XX.XX.XX.XX.50170 > XX.XX.XX.XX.563: Flags [P.], cksum 0xef47 (correct), ack 1, win 9258, options [nop,nop,TS val 259569158 ecr 261123793], length 138 May 6 21:31:52 pf: 00:00:01.279978 rule 1/0(match): block in on re1: (tos 0x0, ttl 64, id 54990, offset 0, flags [DF], proto TCP (6), length 190) May 6 21:31:51 pf: XX.XX.XX.XX.50170 > XX.XX.XX.XX.563: Flags [P.], cksum 0xf447 (correct), ack 1, win 9258, options [nop,nop,TS val 259567878 ecr 261123793], length 138 May 6 21:31:51 pf: 00:00:00.640066 rule 1/0(match): block in on re1: (tos 0x0, ttl 64, id 54989, offset 0, flags [DF], proto TCP (6), length 190) May 6 21:31:50 pf: XX.XX.XX.XX.50170 > XX.XX.XX.XX.563: Flags [P.], cksum 0xf6c7 (correct), ack 1, win 9258, options [nop,nop,TS val 259567238 ecr 261123793], length 138 May 6 21:31:50 pf: 00:00:00.319888 rule 1/0(match): block in on re1: (tos 0x0, ttl 64, id 54988, offset 0, flags [DF], proto TCP (6), length 190) May 6 21:31:50 pf: XX.XX.XX.XX.50170 > XX.XX.XX.XX.563: Flags [P.], cksum 0xf807 (correct), ack 4257620699, win 9258, options [nop,nop,TS val 259566918 ecr 261123793], length 138 May 6 21:31:50 pf: 00:00:25.201640 rule 1/0(match): block in on re1: (tos 0x0, ttl 64, id 54987, offset 0, flags [DF], proto TCP (6), length 190)
Under pfblocker, under America, I left USA and Canada enabled. My custom lists shouldnt be causing any issues as I have been using them for quite a while now and like I said, the issue just started.
The sites I have problems with, paypal is in the USA (!?) and my bank is in Canada. SO anything in Asia, Europe, etc shouldnt influence my ability to access these sites or not..Can anyone help with the log entries above to troubleshoot whats blocking these sites?
Thanks!
-
Can an admin move this thread to packages? I think this is where it belongs the best..
-
In the firewall log, if you click the red "X" then a popup will tell you which rule has caused the block.