Pfblocker breaks amazon



  • I tried to purchase a battery for my ups, got as far as clicking the checkout button on amazon's site, after that nothing worked.  Turned off pfblocker, and it worked.

    How can I begin troubleshooting what list item to remove from the pfblocker config to allow?



  • I'm also getting new notifications every few minutes…

    --

    01-24-14 23:27:39 [ There were error(s) loading the rules: /tmp/rules.debug:26: cannot define table pfBlockerAsia: Cannot allocate memory - The line in question reads [26]: table persist file /var/db/aliastables/pfBlockerAsia.txt]
    01-24-14 23:28:16 [ There were error(s) loading the rules: /tmp/rules.debug:26: cannot define table pfBlockerAsia: Cannot allocate memory - The line in question reads [26]: table persist file /var/db/aliastables/pfBlockerAsia.txt]
    01-24-14 23:30:01 [ There were error(s) loading the rules: /tmp/rules.debug:26: cannot define table pfBlockerAsia: Cannot allocate memory - The line in question reads [26]: table persist file /var/db/aliastables/pfBlockerAsia.txt]

    I wanted to use pfsense primarily for the country blocking feature, and have spent weeks playing with pfblocker, but ultimately I uninstall it every few days as I just can't get it to work right.


  • Moderator

    Did you edit the System:Advanced:Firewall/NAT  "Firewall Maximum Table Entries"

    For pfBlocker, I would recommend that you create alias lists for blocking known offenders along with any Country blocking.

    There are several suggestions for the list on the forum (ET, Spamhaus, CIARMY. IBlocklist etc etc)



  • by using the country blocker, you'll also find it kills your ability to generate a return ticket and shipping label at Amazon.  (why is Amazon's return label eneration routing through Asia??) There is another thread here on using pfBlocker to generate the lists to be used by Snort and the rules set. I've found this option makes every problem like this (that I was having) go away without having a lot of custom pass rules.

    https://forum.pfsense.org/index.php/topic,64674.0.html

    Rick


Log in to reply