pfSense, Suricata and Pfblocker

Hi

Recently I’ve implemented pfBlocker and Suricata… For some reason, YouTube is being blocked: either it doesn’t load or it buffers constantly.

I can’t see YouTube IPs/ranges in any of the alerts or blocklists in either service.

Any suggestions? My pfSense box specs are as follows:

I’m not sure whether my box is powerful enough to run both; I have not seen any suggestion that the CPU / RAM is being maxed.

In pfBlocker I have my interfaces: inbound set to WAN (BLOCK) and outbound set to my LAN & OPT (REJECT).
GeoIP is set to block everything except UK & US.
List Action set to Deny Inbound.

I also get this funny error when pfblocker is enabled

At least install 4Gb of memory; 2Gb is pushing it hard. 8Gb preferred, as tables are loaded to memory for blocking rules etc.

Go to System > Advanced > Firewall and NAT, then in the field that says:
Firewall Maximum Table Entries
add another 0 to it to make it 40000000.

Scroll to the bottom and save. That will solve the memory/error issues you’re getting in notices, as there isn’t enough RAM assigned to the tables.

As for YouTube, disable each service one at a time to see which is blocking it. Start with disabling the block option in Suricata, then try YouTube; if it works, it’s a rule there blocking it. Look in your rules for videos and uncheck it.

Same with pfBlocker: if that doesn’t work, then try it. Then enable the one that won’t block YouTube and try once more.
If you can still get on YouTube then enable the other service and verify again.
Same there unblock video sites or check firewall log.

Also have you tried a reboot? This will only help with the YouTube issue possibly.

I’ve found on some issues you scratch your head on for hours will reboot away!

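The table-entries limit raised in the reply above can be compared with what the loaded tables actually hold. This is an added example, not part of the thread: it parses the text of `pfctl -sm` and `pfctl -vvsTables`, and the sample output, table names and the 50% threshold are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): pf table usage vs. the table-entries limit.
# On the firewall: pf_table_usage "$(pfctl -sm)" "$(pfctl -vvsTables)"

# Constructed sample of `pfctl -sm` output (values are illustrative).
SAMPLE_LIMITS='states        hard limit   199000
src-nodes     hard limit   199000
frags         hard limit     5000
table-entries hard limit  4000000'

# Constructed sample of `pfctl -vvsTables` output (table names are made up).
SAMPLE_TABLES='--a-r-- pfB_Example_GeoIP_v4
    Addresses:   3100000
    References:  [ Anchors: 0  Rules: 2 ]
--a-r-- pfB_Example_List_v4
    Addresses:   500000
    References:  [ Anchors: 0  Rules: 1 ]
-pa-r-- bogons
    Addresses:   1200
    References:  [ Anchors: 0  Rules: 1 ]'

# Print "<entries used> <limit> <percent used>" from the two command outputs.
pf_table_usage() {
    limit=$(printf '%s\n' "$1" | awk '$1 == "table-entries" { print $NF }')
    used=$(printf '%s\n' "$2" | awk '$1 == "Addresses:" { s += $2 } END { printf "%d\n", s }')
    case "$limit" in
        ''|*[!0-9]*|0) echo "table-entries limit not found" >&2; return 2 ;;
    esac
    echo "$used $limit $((used * 100 / limit))"
}

# Succeed only if usage is below the threshold percent (assumed default: 50).
pf_table_headroom_ok() {
    usage=$(pf_table_usage "$1" "$2") || return 2
    [ "${usage##* }" -lt "${3:-50}" ]
}

# Demo on the constructed sample: 90% used, so this reports low headroom.
if pf_table_headroom_ok "$SAMPLE_LIMITS" "$SAMPLE_TABLES"; then
    echo "headroom ok: $(pf_table_usage "$SAMPLE_LIMITS" "$SAMPLE_TABLES")"
else
    echo "low headroom: $(pf_table_usage "$SAMPLE_LIMITS" "$SAMPLE_TABLES")"
fi
```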

Thanks man, yeah I do need to upgrade this pfSense box, it’s like a mini ITX thing - I am going to build a bigger box over the weekend that I can add more memory to.

OK, I’ll have a look at those options… I did try to disable the services pfBlocker & Suricata but the issue persisted until I uninstalled the service and rebooted. I guess it’s too much for this system, something is hanging somewhere.

I’ll update shortly.