Pfblock blocks everything



  • Hello all.

    I am beginning to try to troubleshoot my pfsense install; it's a few days old, so I am still learning.

    I have installed pfblocker, primarily for the country block options.

    I am using three rules txt files from emerging threats, have * selected under top spammers, and all countries blocked except the US.

    When I enable pfblocker, virtually all web traffic is blocked.  Google, Fox News, Netflix…. Banks....

    I am in the process of going through one by one and disabling to see what's causing it, but I'm open to advice.

    Thanks.



  • Are you using a list from TBG called Primary Threats? The only emerging threats that ring a bell with me are the ones used with Snort. If it is the Primary Threats from TBG, just don't even bother using it unless you want to spend a lot of time removing IP addresses. It blocks way too much. Uploading a screenshot may help too, just so that we can see what lists you are using. For Pfblocker though, I am almost thinking that it is redundant because by default everything is already blocked from incoming on the WAN.

    However, if you do make a rule on the WAN, what you will notice is that all of the Pfblocker rules will now show up. It's a little confusing to me because it already says that by default it blocks incoming. I wouldn't even use Pfblocker unless you're just trying to block your LAN connection from going out to other countries, and that can create a headache too. Unless you have some spyware that you downloaded and it is phoning home, I wouldn't even think that it's useful. It's a nice concept but Pfsense can stand on its own two feet :)

    Your best bet if you're worried about something or you just want to troubleshoot your connection: use Snort and also learn how to use Wireshark along with that. Pfsense has a packet capture program installed by default. You can then save your packet capture and open it in Wireshark to make it more readable on your computer.

    Last but not least, always remember this: your network is only as secure as the computers that are on it. Hardening your basic defense (your PC) is really the first thing that you should consider. There are plenty of guides out there on how to do that. Stay away from places like ehow. Sometimes they are right, but about 85% of the time they are wrong or they just don't have a solution for your particular situation.


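For the troubleshooting described in the first post (finding which list is responsible for the blocks), here is an added example that is not part of the thread: a Python check of which list entries cover a given destination address, plus a scan for entries so broad they would block large parts of the internet. The list names, the sample entries and the one-IP-or-CIDR-per-line format with `#` or `;` comments are assumptions.

```python
import ipaddress

# Constructed sample lists standing in for the downloaded list files;
# file names and entries are hypothetical.
SAMPLE_LISTS = {
    "list_a.txt": "# comment line\n198.51.100.0/24\n203.0.113.7\n",
    "list_b.txt": "192.0.2.0/25 ; trailing comment\n0.0.0.0/1\nnot-an-address\n",
}

def parse_list(text):
    """Return (networks, skipped_lines) parsed from one list's text."""
    nets, skipped = [], []
    for raw in text.splitlines():
        # Drop '#' and ';' comments (assumed comment styles), then whitespace.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        try:
            # strict=False accepts entries with host bits set, e.g. 192.0.2.5/25.
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            skipped.append(raw)  # keep unparseable lines for manual review
    return nets, skipped

def find_matches(ip, lists):
    """Map list name -> entries covering ip, most specific entry first."""
    addr = ipaddress.ip_address(ip)
    hits = {}
    for name, text in lists.items():
        nets, _ = parse_list(text)
        covering = [n for n in nets if n.version == addr.version and addr in n]
        if covering:
            covering.sort(key=lambda n: n.prefixlen, reverse=True)
            hits[name] = [str(n) for n in covering]
    return hits

def overly_broad(lists, max_prefix=8):
    """Return (list name, entry) for IPv4 entries of /max_prefix or wider."""
    found = []
    for name, text in lists.items():
        nets, _ = parse_list(text)
        found += [(name, str(n)) for n in nets
                  if n.version == 4 and n.prefixlen <= max_prefix]
    return found

if __name__ == "__main__":
    print(find_matches("192.0.2.10", SAMPLE_LISTS))
    print(overly_broad(SAMPLE_LISTS))
```

Resolve a blocked site to its address first, then pass that address to `find_matches` along with the text of each enabled list.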