PfBlocker not blocking addresses



  • I had long suspected that pfblocker was not actually blocking addresses in the lists I specified, and I have finally confirmed this. I noticed that addresses that I had manually entered (addresses that my asterisk fail2ban had alerted me to) came up again in fail2ban days after I had added them to my pfblocker list. Finally, I manually added an address from a site I work at and the next day I was still able to reach my pfsense router. All that being said, I do not know where to begin trying to figure out why this isn't working. My pfblocker is enabled and all of my lists are set to deny both. Where might I go? I reinstalled the package and still no dice.

    In my logs, I only see this in regards to pfblocker:

    Mar 29 09:00:00 php: : Starting pfBlocker sync process.
    Mar 29 16:00:01 check_reload_status: Syncing firewall
    Mar 29 16:00:01 check_reload_status: Reloading filter
    Mar 29 09:00:01 php: : [pfblocker] pfblocker_xmlrpc_sync.php is starting.


  • Banned

    Looking at totally wrong log in the first place, look at the firewall one. And on that note, it blocks just fine when set up properly.



  • @doktornotor:

    Looking at totally wrong log in the first place, look at the firewall one. And on that note, it blocks just fine when set up properly.

    Fine. I will be sure to check the correct log.

    That being established, it's not working (for whatever reason). I did add an address, pfblocker does show that address as being on a list that is active and I can still communicate with pfsense from that source IP. Pfblocker is enabled, the addresses seem to be read from my custom list (the dashboard widget shows the correct number of addresses from the list) and the settings on the list are set to deny both. I am more than open to the idea that I might not have set it up properly, but some assistance as to what I might want to check would be nice.

    Thank you.



  • I don't know if this is an indication of any kind, but I tried to access the following address:

    http://MYROUTERIP/pfblocker.php?pfb=pfBlockerEurope

    And it came up with nothing (when the list should have hundreds of IPs). Is this normal?



  • Update, I checked the source for the alias by forwarding 127.0.0.1:80 to my personal computer. When I navigate to http://127.0.0.1:80/pfblocker.php?pfb=pfBlockerasteriskbanned it does spit out all of the hosts in that list. So, the aliases are working properly, the automatic rules seem to be set up to block all IPs in that list and pfblocker is enabled. But it is certainly allowing addresses that it should be blocking. Like I said before, I added the address of a site I have access to to the list and days later I am still able to get to my pfsense router from that site even though the address seems to have been loaded by pfblocker.

    Any ideas?



  • Any ideas? Should I simply attempt a reinstall?



  • check the applied ips on diagnostic->tables



  • My apologies, that does not seem to be one of the options in the Tables dropdown. Here's what I see:

    __automatic_3fe7cb60_0
    bogons
    snort2c
    sshlockout
    virusprot
    webConfiguratorlockout

    Does that seem right?



  • Increase your max table entries size on system advanced. Your pfblocker list is not being applied.



  • Firewall Maximum Table Entries? I already set it to 999999. Do I have to reboot to apply changes?



  • @mediumgrade:

    Firewall Maximum Table Entries? I already set it to 999999. Do I have to reboot to apply changes?

    You have to increase value before trying to apply a large list.

    You can disable pfblocker, increase table size and then re-enable it.



  • My apologies. I disabled pfblocker and re-enabled and still no dice. I even tried a reinstall, but no new items showed up in my diagnostic tables list.



  • Any suggestions? Reinstall PFsense?



  • Try a smaller list.
    Here pfblocker is working fine.



  • Is the status for the dashboard widget a green up arrow or a red down arrow?

    Can you check your Firewall \ Rules \ WAN - to see if there is a pfblocker auto rule that has been created for each of your pfblocker lists?

    This page https://forum.pfsense.org/index.php?topic=42543.705 talks about a bug that might be causing your problem.

