I've already posted this question in the dutch subforum, but it might be better on this one.
Since a DDoS attack on several Belgium government websites last Thursday, it is not possible to reach (for example) the website https://belgium.be
This is only the case for clients behind opnsense and pfsense firewalls on multiple isp's en locations (also multiple fw versions). When I connect directly to the modem (same ip), everything works well.
I suppose this is a result of the actions they took to stop the DDoS attack, but it's very strange also pfsense/opnsense firewalls are affected by these actions.
Thanks in advance,
Guy
I have no issues accessing this website from a host behind OPNsense. belgium.be resolves to 2a01:690:35:100::f5:79, my ISP is Vodafone Germany.
Cheers
Maurice
Thank you for your feedback. That does only make it stranger to me.
Another thing is clients told me the website sometimes works (not when I'm testing), but only for a few minutes.
It makes no sense to me...
Hi,
your OPNsense is blocking IPv6?
belgium.be to me (Germany) is not accessible via IPv4, seems as if packet filtering on their side happens
via IPv6 I get a stable page hit as already mentioned
We have no ipv6 configured at the customers. I was also already thinking of packat filtering, but on what base?
Without pfsense/opensense there is no problem.
I would look at DNS first. Do you get the same A record when resolving this via OPNsense / Unbound vs. the ISP's resolver?
Also, do you have IPv6 configured on the FW at all ? If the site only works in v6 you'll need more than just DNS to get things going.
There's no direct causality or correlation between DDoS and the two firewalls.