pfSense can't ping 8.8.8.8

I have been running a pfSense firewall for quite a while as a homelabber, and it has been working well for my needs for a few years, but every now and then I run into a weird issue I just can’t figure out - this being one of them.

Everything seems to be working fine, and I only noticed this as I was troubleshooting a separate issue altogether (MacBook seemed to not be online, turns out its wifi was off), but I opened terminal and went to ping 8.8.8.8 and got nothing, which eventually got me to “is wifi on you dummy?”. It wasn’t, I fixed that, but still, no response from 8.8.8.8.

Naturally, I SSHed into some of my VMs, can’t ping 8.8.8.8 from them either.

PING 8.8.8.8 (8.8.8.8): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3
Request timeout for icmp_seq 4

Next stop, go into pfSense itself, and it can ping 8.8.8.8 successfully from WAN, but not with any of my subnets as the source.

I can seemingly ping any other website or IP that I try from inside my network, just not 8.8.8.8. 8.8.4.4 works, google.com works, 1.1.1.1, etc etc. If it wasn’t for this, I wouldn’t have any idea “anything was abnormal” in my network.

I use Unbound with pfBlockerNG (I used the Lawrence Systems YouTube video to set a lot of this up a year or two ago, but things have seemed to work fine…).

I am not really sure how to even figure this out. When I do a traceroute from my MacBook, I get 1 hop, and then it dies inside my VLAN’s gateway regardless of which VLAN I am on, which is in line with pfSense itself getting 100% packet loss when pinging from anything except WAN. So I assume Unbound (or pfBlocker?) is sinkholing it? What should I be investigating to figure this out?

How long has this been happening? Here in the last couple weeks one of my VMs that goes through a few VPN connections will get its DNS request traffic dropped by 1.1.1.1 for a few hours. I figure I’m getting mitigated along with all the http/2 stuff going on.

I am not sure. I only noticed it this morning. For all I know it could have been happening for months.

You may be blocking ICMP or missing a rule from your iptables,
so try…

iptables -A INPUT -p icmp -j ACCEPT
iptables -A OUTPUT -p icmp -j ACCEPT

But if that was the case, wouldn’t any and all pings fail, not just 8.8.8.8?

https://www.cloudflare.com/learning/ddos/glossary/internet-control-message-protocol-icmp/

Right… but if ICMP was being blocked, I wouldn’t be able to ping any external device. Or am I misunderstanding how ICMP works? Ping is just an ICMP echo, but I get responses from everything I try except 8.8.8.8…
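
Added example (not part of any post in this thread): the comparison argued in the last reply, run over ping captures in the macOS format quoted in the first post. The sample captures, addresses chosen, and function names are constructed for illustration.

```python
import re

# Constructed sample captures in the macOS/BSD ping format quoted in the thread.
def _capture(dst, answered, probes=3):
    lines = [f"PING {dst} ({dst}): 56 data bytes"]
    for seq in range(probes):
        if answered:
            lines.append(f"64 bytes from {dst}: icmp_seq={seq} ttl=117 time=12.{seq} ms")
        else:
            lines.append(f"Request timeout for icmp_seq {seq}")
    return "\n".join(lines) + "\n"

SAMPLES = {
    "8.8.8.8": _capture("8.8.8.8", answered=False),
    "8.8.4.4": _capture("8.8.4.4", answered=True),
    "1.1.1.1": _capture("1.1.1.1", answered=True),
}

REPLY = re.compile(r"^\d+ bytes from [\d.]+: icmp_seq=\d+", re.M)
TIMEOUT = re.compile(r"^Request timeout for icmp_seq \d+", re.M)

def loss(capture):
    """Fraction of probes lost, or None if the capture has no probe lines."""
    replies = len(REPLY.findall(capture))
    timeouts = len(TIMEOUT.findall(capture))
    total = replies + timeouts
    return None if total == 0 else timeouts / total

def classify(captures):
    """Compare destinations pinged from the same source host.

    Returns (verdict, dead_destinations):
      all-destinations-fail -> consistent with ICMP being filtered outright,
                               or with no outbound path at all
      destination-specific  -> echo works in general, so look for something
                               keyed on the dead address (rule, table, route)
      ok / no-data          -> nothing lost / nothing parseable
    """
    measured = {d: l for d, t in captures.items() if (l := loss(t)) is not None}
    dead = sorted(d for d, l in measured.items() if l == 1.0)
    if not measured:
        return "no-data", []
    if len(dead) == len(measured):
        return "all-destinations-fail", dead
    return ("destination-specific", dead) if dead else ("ok", [])

if __name__ == "__main__":
    print(classify(SAMPLES))
```

Run it against captures taken from one LAN host at one time; mixing captures from different source interfaces hides the pattern the thread is describing.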