Netgate Discussion Forum

    Unblock a blocked IP ?

    Firewalling
    13 Posts 2 Posters 12.0k Views
    • atrocity

      Hello,

      I did some tests with our new pfSense today, from outside of our network, and I have locked my own IP by pfSense …
      I simply did a test on a web server, and I forgot that some ports were not defined (it's a remote KVM, using Java on ports 2068 and 8192).
      I'm new to pfSense, and was not able to unlock my IP. I did a reboot of the firewall and my IP was free again.
      But there must be a way to unblock such a blocked IP, no?

      Also, I'm looking for a whitelist, but was also not able to find something like that.
      I only want to avoid having some IPs blocked if we do something wrong ...
      Is there a way to do this?

      Thanks for any help

      • dotdash

        Did you trigger the web configurator lockout?
        Go to Diagnostics, Tables and look there.

        • atrocity

          Thanks for your reply, but the webConfigurator is not the only problem.
          My webConfigurator anti-lockout rule is disabled.
          If I understand it correctly, it should not lock my IP if I use a wrong password, no?

          My problem is that I tried to make some access from the outside.
          pfSense blocked my IP because I forgot to open the 2 KVM ports.
          I used another IP to access pfSense, where I was able to reboot to be unlocked.

          My question is: is there a way to whitelist some IPs?

          Thanks
          Best regards

          • dotdash

            Not sure what you mean by blocked. If you triggered something like the web configurator or ssh lockout, it would be in one of the tables. Look there.
            It doesn't 'blacklist' IPs simply because they tried to hit a closed port. (You're not running Snort, right?)

            • atrocity

              OK, sorry, French is my mother language …

              Forget the webConfigurator and gui.
              I have servers behind this pfSense, accessible from the internet.
              I was outside of our network and did some tests, accessing our servers.

              • dotdash

                In standard configuration, pfSense will not block IPs for anything other than hammering at SSH or the web GUI.
                You are saying you tried to hit a closed port from the Internet and then couldn't hit open ports until you rebooted?

                • atrocity

                  Yes, that's it.

                  • dotdash

                    That shouldn't happen. Do you have Snort installed? Any rules with advanced options such as maximum source hosts, etc.?

                    • atrocity

                      Snort is not installed, but Suricata is installed but not activated.

                      Yes, I have some Advanced Settings to limit the rate on some ports, like HTTP, HTTPS (Maximum new connections / per second(s) (TCP only): 10 con./10 seconds).

                      I can't imagine that this blocked me, because my normal tests with standard web servers are all OK.
                      It's only when I tried to open a KVM remote console that I was blocked, because the 2 KVM ports were not defined/enabled.

                      • dotdash

                        You could turn the logging on for those rules and repeat the test. You should have seen something in the logs when the IP was blocked. I would also check the tables just to see if anything was there.

                        • atrocity

                          Hi,

                          I know what blocked me last time, but I want to be able to whitelist some IPs, just in case …
                          I don't want to be blocked anymore.
                          Is the only solution to put an Allow rule on top of my rules, allowing everything from these IPs?

                          Regards

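An added example, not part of this thread, showing what the "Maximum new connections / per second(s)" advanced option quoted earlier does at the pf level, why a whitelist pass rule placed above it works, and how to clear a blocked address from the overload table without rebooting. The rule lines in the comments are simplified illustrations of what pfSense generates; the table name virusprot is the real one listed under Diagnostics > Tables, while the interface, host and table names WAN, $webserver and trusted_admins and the PFCTL override are assumptions:

```shell
#!/bin/sh
# Added example, not from the thread. The "Maximum new connections / per second(s)"
# advanced option becomes a pf state option; simplified illustration of the rule pfSense
# generates (interface, host and table names below are assumptions):
#   pass in quick on WAN proto tcp to $webserver port 443 \
#     flags S/SA keep state (max-src-conn-rate 10/10, overload <virusprot> flush global)
# A source opening more than 10 new TCP connections in 10 s is added to the "virusprot"
# table (Diagnostics > Tables) and a block rule on that table drops ALL its traffic,
# not only the rate-limited port. Whitelisting is a pass rule ABOVE it, matching the
# trusted source and carrying no rate option:
#   pass in quick on WAN from <trusted_admins> to any keep state
# The helpers below wrap pfctl; PFCTL can be pointed at a stub for testing.

PFCTL="${PFCTL:-pfctl}"
TABLE="virusprot"

# Return 0 when $1 is a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    set -- $(printf '%s' "$1" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# List sources currently held in the overload table.
list_blocked() {
    "$PFCTL" -t "$TABLE" -T show
}

# Remove one source from the overload table and kill its states, so a locked-out
# admin is reachable again without rebooting the firewall.
unblock_ip() {
    valid_ipv4 "$1" || { echo "unblock_ip: bad address '$1'" >&2; return 2; }
    "$PFCTL" -t "$TABLE" -T delete "$1" && "$PFCTL" -k "$1"
}

# Act only when run as a script with an argument; sourcing just defines the functions.
if [ -n "${1:-}" ]; then
    unblock_ip "$1"
fi
```

Run it on the firewall shell as `sh unblock.sh 203.0.113.7` (address constructed for illustration); the address is validated before it is passed to pfctl so a stray argument cannot become a second command.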
                          • dotdash

                            The point I'm trying to make is that the IP should NOT have been blocked. I've never seen anything like that happen in years of working with pfSense. This leads me to believe something strange is going on with your rules. If you know how to re-create the block, you should be able to turn on some logging and find out what happened. If it was me, I would backup the config, install on a clean system (no packages) and set any rules with advanced options to log.

                            • atrocity

                              Hi,

                              Thanks, but your answer brings me more questions …
                              We WANT that if someone tries some ports they will be blocked.
                              A normal visitor/user doesn't have to try other ports than web, mail, etc. ...

                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.