Can you force a rule to apply before floating rules and hold it's position?

cdsJerry

@SteveITS Do I just start deleting all those 64 sets of pass rules it created? Since they are duplicates of each other do I have any risk that it would delete all the rules that have the same name? Is there a way to delete multiple rules at the same time? Each time I hit delete it has to reload the page which takes several minutes. Actually I'm still waiting for it to reload the page after deleting the first rule and hitting apply changes. It's just spinning. Every now and then I get a message saying the page is taking a while and asking if I want to wait.

It's been 12 min. at this point and it's still trying to load the Firewall / Rules / WAN page. If i try to scroll down the page it shows me the first set of rules duplicated 3 times but after that it just shows empty lines. The elevator box indicates that the page is very long however it fails to ever load any further.

I think I need to figure that out before I start adding another rule.

SteveITS

@cdsJerry Have never seen that. Alias Native doesn't create any rules. If you save a backup (a good idea anyway) I think there are some rule identifiers in the XML file. There are numbers that show if you hover over the green checkmark icon or the States column link.

You could manually delete duplicates in the backup file and restore it.

cdsJerry

@SteveITS @johnpoz The page finally loaded. It now shows 128 sets of every rule so my attempt to delete one of the duplicates instead caused it to double every rule in the already massive rule list. If it's going to do this, how can I possibly delete the rules? Every time I delete a rule it reloads the page which takes about 12 min.... for every rule. And I'm not even sure it's deleting the rule yet. There's no way this is working.

I restored my rules list from a backup file. That seems to have put me back where I started. I then did everything I learned above and this time it didn't start multiplying my rule set. I think it might finally be right. WHEW!!! I was pretty scared there for a bit.

SteveITS

@cdsJerry Yeah very odd.

re: hover, sorry if I wasn't clear, Firefox shows the URL for a link at the bottom of the page:

https://FQDN/firewall_rules.php?if=wan&act=toggle&id=13
or the States column (same rule):
https://FQDN/diag_dump_states.php?ruleid=122,123

re: long load times, the page actually loads all the IPs into the title tag of the alias link so it will show on hover....can take a very long time to load a page of large aliases.

cdsJerry

@SteveITS @johnpoz Update: After waiting an hour the firewall still hasn't rebooted. I cycled the power and waited another 10 min. but it's still not responding. I can't get to the GUI at all. I connected the cable to the terminal but putty won't connect. I've double checked my COM port, speed, parity etc but there's nothing.

Logged on this morning just to double check and make sure it's all working the way I expected. I had a crash report that looks like it's related to pfb and not the changes we were making. All the GUI pages are loading very slowly and I can't get the Rules page to load at all. The dashboard says I'm using 35% of the memory but all the errors I see are memory exhausted errors. I see an entry in the CRON log file that just repeats itself over and over and over.

I'd like to think this problem is unrelated, but since it started when we made the changes above it seems like it must be related. Currently it's stuck running a CRON update and I can't get any page to load nor can I even reboot the system.

===[  IPv4 Process  ]=================================================

[ US_v4 ]			 exists.
[ US_rep_v4 ]			 exists.
Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 14680312 bytes) in /etc/inc/xmlparse.inc on line 268
PHP ERROR: Type: 1, File: /etc/inc/xmlparse.inc, Line: 268, Message: Allowed memory size of 134217728 bytes exhausted (tried to allocate 14680312 bytes) CRON  PROCESS  START [ v3.2.0_7 ] [ 03/29/24 08:00:28 ]
 UPDATE PROCESS START [ v3.2.0_7 ] [ 03/29/24 08:00:44 ]

===[  DNSBL Process  ]================================================


===[  GeoIP Process  ]============================================

[ pfB_Top_v4 ]			 exists. [ 03/29/24 08:03:10 ]
[ pfB_Africa_v4 ]		 exists. [ 03/29/24 08:03:11 ]
[ pfB_Europe_v4 ]		 exists. [ 03/29/24 08:03:12 ]
[ pfB_NAmerica_v4 ]		 exists.
[ pfB_Oceania_v4 ]		 exists. [ 03/29/24 08:03:13 ]
[ pfB_SAmerica_v4 ]		 exists.

===[  IPv4 Process  ]=================================================

There were error(s) loading the rules: /tmp/rules.debug:63: cannot define table pfB_Top_v4: Cannot allocate memory - The line in question reads [63]: table <pfB_Top_v4> persist file "/var/db/aliastables/pfB_Top_v4.txt"
@ 2024-03-29 01:01:22

Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 14680312 bytes) in /etc/inc/xmlparse.inc on line 268
PHP ERROR: Type: 1, File: /etc/inc/xmlparse.inc, Line: 268, Message: Allowed memory size of 134217728 bytes exhausted (tried to allocate 14680312 bytes)

Crash report begins.  Anonymous machine information:

arm
14.0-CURRENT
FreeBSD 14.0-CURRENT armv7 1400094 #1 plus-RELENG_23_09_1-n256200-3de1e293f3a: Wed Dec  6 20:55:45 UTC 2023     root@freebsd:/var/jenkins/workspace/pfSense-Plus-snapshots-23_09_1-main/obj/armv7/XXxrkrip/var/jenkins/workspace/pfSense-Plus-snapshots-23_09_1

Crash report details:

PHP Errors:
[29-Mar-2024 02:01:19 America/New_York] PHP Fatal error:  Allowed memory size of 134217728 bytes exhausted (tried to allocate 12307440 bytes) in /etc/inc/crypt.inc on line 76
[29-Mar-2024 03:01:56 America/New_York] PHP Fatal error:  Allowed memory size of 134217728 bytes exhausted (tried to allocate 14680312 bytes) in /etc/inc/xmlparse.inc on line 268
[29-Mar-2024 06:01:59 America/New_York] PHP Fatal error:  Allowed memory size of 134217728 bytes exhausted (tried to allocate 14680312 bytes) in /etc/inc/xmlparse.inc on line 268
[29-Mar-2024 07:01:58 America/New_York] PHP Fatal error:  Allowed memory size of 134217728 bytes exhausted (tried to allocate 14680312 bytes) in /etc/inc/xmlparse.inc on line 268
[29-Mar-2024 08:04:14 America/New_York] PHP Fatal error:  Allowed memory size of 134217728 bytes exhausted (tried to allocate 14680312 bytes) in /etc/inc/xmlparse.inc on line 268



No FreeBSD crash data found.

SteveITS

@cdsJerry How much RAM is in the device? IIRC 128 MB is the PHP memory limit if the device is either <= 1 GB RAM or maybe < 4 GB, I don't recall.

PHP has a limit and of course the hardware RAM is a limit. The PHP limit is set in System/Advanced/Miscellaneous.

Large pfBlocker lists will of course exhaust the PHP limit loading in the list. Perhaps if it is repeatedly trying and crashing that is your issue?

If you are using "pfB_Top_v4" to "block the world" it is normally much better to "allow by country" instead as it will use far less memory.

cdsJerry

@SteveITS I've been able to get an old pfsense system up and running so the servers are back on line so the panic is over. Of course it's running an old rule set so it's less than ideal.

The unit that we've been working on is a Netgate appliance SG-3100-US. I don't know how much RAM is in it and as I'm not able to access it in any way, I can't look.

When I try to connect via the GUI it won't load the page at all. It doesn't answer pings. I can't connect via the Serial cable either. Putty just "dings" when I try to open the connection. In short, I have no way to access the firewall at the current time. I have cycled the power twice. The lights on the front of the device look normal. The light on the far right is slowly pulsing blue. Any suggestions?

SteveITS

@cdsJerry The 3100 has 2 GB RAM. It's a 32 bit CPU. FYI as such it just hit EOL per their blog post last October-ish.
https://docs.netgate.com/pfsense/en/latest/releases/24-03.html#hardware-specific-notes

The blue pulse is normal/booted. https://docs.netgate.com/pfsense/en/latest/solutions/sg-3100/io-ports.html#led-patterns

Not sure why the console wouldn't be working, try a different cable?
https://docs.netgate.com/pfsense/en/latest/solutions/sg-3100/connect-to-console.html
It should at least show the boot process.
https://docs.netgate.com/pfsense/en/latest/troubleshooting/connect-to-gui.html

cdsJerry

@SteveITS
That's the weird little cable that isn't like any other cable. I've always just left it connected to the firewall so the connection wouldn't be worn and the cable wouldn't get any wires broken. I'm connecting with a different computer than usual, the other one died. This machine is Windows 11 Pro. But I have the bridge installed. The firewall does show in device manager and I'm getting the right port. I really doubt it's the cable. Putty just dings as soon as I hit "open". Shouldn't it take some time as it's trying to connect?

cdsJerry

@SteveITS @johnpoz I was able to access the terminal using a program other than Putty so I'm in. I get the menu but then a bit later it crashes with the memory error again. But now that I'm in, what do I need to do? I tried selecting 15 to load a previous configuration but I never get any additional prompts. It crashes with the memory error. I also tried 13 but again, no prompts before it crashes with the memory error. What steps do I need to take to restore it to a backup that doesn't crash?

SteveITS

@cdsJerry If your rules are repeated as you say maybe the config file itself is over 128 MB? Look in /cf/conf .

There is a command line history if it hasn't been overwritten.
https://docs.netgate.com/pfsense/en/latest/backup/restore.html#console-configuration-history

cdsJerry

@SteveITS We deleted the repeating rules problem and restored to an earlier version of the rules. The memory problem now seems related to a line somewhere in pfb.

Since it's loading pfsense then crashing how do I even get into it to see what's in the /cf/conf? I'm not very good at Linux and since it's crashing all the time I have even less chance. I'm not at a #line but rather the pfSense menu... then crash.

SteveITS

@cdsJerry if you use the option for shell, then:

ls -l /cf/conf

...will show the directory. "exit" will exit back to the menu.

ls = list (directory)
-l = long/verbose

One option is to use the menu option to restore to factory defaults, then restore from a good backup.

A more involved one is to reinstall from USB stick (https://docs.netgate.com/pfsense/en/latest/solutions/sg-3100/reinstall-pfsense.html) and restore from backup.

cdsJerry

@SteveITS I can't use any of the options. The program crashes. I have tried selecting every option on the menu but because of the crash none of them work. I have a backup on a thumbdrive connected to my computer but since I can't get to the menus, I can't restore it.

SteveITS

@cdsJerry How big is the config file your USB stick?

There is a way to have pfSense read in the config file at boot:
https://docs.netgate.com/pfsense/en/latest/backup/restore-during-install.html#restore-using-the-external-configuration-locator-ecl
Note it uses a \config directory not \conf.

Or the reinstall as I noted.

cdsJerry

@SteveITS The backup config file is 201kp which I placed on a 60 GB Fat32 USB stick and placed into the appliance. I placed a directory called config on the root level and copied the config.xml file both onto the root, and into the config directory then cycled the power. It doesn't appear to be loading the config file from the USB drive since it's still coming up with the same memory problem.

 00

General initialization - Version: 1.0.0
AVS selection from EFUSE disabled (Skip reading EFUSE values)
Overriding default AVS value to: 0x23
Detected Device ID 6820
High speed PHY - Version: 2.0

Init Customer board board SerDes lanes topology details:
 | Lane # | Speed|    Type     |
 ------------------------------|
 |   0    |  3   |  SATA0      |
 |   1    |  5   |  PCIe0      |
 |   2    |  3   |  SATA1      |
 |   3    |  4   |  SGMII2     |
 |   4    |  5   |  PCIe1      |
 |   5    |  5   |  USB3 HOST1 |
 -------------------------------
PCIe Ref. Clock Buffer Control is 0xf00015bf, setting to 0xf00015bf
SOC_CONTROL_REG1 is 0xf00015bf, setting to 0x0707c0f3
PCIe, Idx 0: detected no link
PCIe, Idx 1: detected no link
High speed PHY - Ended Successfully
mv_ddr: mv_ddr-armada-17.06.1-g07f8294 (Oct  8 2018 - 12:59:22)
DDR4 Training Sequence - Switching XBAR Window to FastPath Window
mv_ddr: completed successfully

 __   __                      _ _
|  \/  | __ _ _ ____   _____| | |
| |\/| |/ _` | '__\ \ / / _ \ | |
| |  | | (_| | |   \ V /  __/ | |
|_|  |_|\__,_|_|    \_/ \___|_|_|
         _   _     ____              _
        | | | |   | __ )  ___   ___ | |_ 
        | | | |___|  _ \ / _ \ / _ \| __| 
        | |_| |___| |_) | (_) | (_) | |_ 
         \___/    |____/ \___/ \___/ \__| 
 ** LOADER **


U-Boot 2013.01-02879-geb5cbf6642 (Oct 08 2018 - 12:59:19) Marvell version: devel-17.06.0

Board: Rogue-1
SoC:   MV88F6820 Rev A0
       running 2 CPUs
CPU:   ARM Cortex A9 MPCore (Rev 1) LE
       CPU 0
       CPU    @ 1600 [MHz]
       L2     @ 800 [MHz]
       TClock @ 250 [MHz]
       DDR4    @ 800 [MHz]
       DDR4 32 Bit Width,FastPath Memory Access, DLB Enabled, ECC Disabled
DRAM:  2 GiB
MMC:   mv_sdh: 0
DBG: Calling spi_flash_probe from env_relocate_spec()
SF: Probing bus 0 cs 0 @ 20000000Hz mode 3
SF: Detected W25Q32JV with page size 4 KiB, total 4 MiB
PCI-e 0: Detected No Link.
PCI-e 1: Detected No Link.
USB2.0 0: Host Mode
USB3.0 1: Host Mode

Map:   Code:			0x7fedc000:0x7ff9741c
       BSS:			0x7ffef600
       Stack:			0x7f4cbf20
       Heap:			0x7f4cc000:0x7fedc000
       U-Boot Environment:	0x00100000:0x00110000 (SPI)

Board configuration detected:
Net:   
|  port  | Interface | PHY address  |
|--------|-----------|--------------|
| egiga0 |   RGMII   |     0x00     |
| egiga1 |   RGMII   |     0x01     |
| egiga2 |   SGMII   |   In-Band    |
egiga0 [PRIME], egiga1, egiga2
Hit any key to stop autoboot:  3  08 08 08 2  08 08 08 1  08 08 08 0 
reading ubldr.bin
228648 bytes read in 9 ms (24.2 MiB/s)
## Starting application at 0x00200000 ...
Consoles: U-Boot console  


Compatible U-Boot API signature found @0x7f4dc280





FreeBSD/armv6 U-Boot loader, Revision 1.2


(Tue Jul 10 10:26:23 EDT 2018 root@buildbot3)





DRAM: 2048MB


Number of U-Boot devices: 4


U-Boot env: loaderdev not set, will probe all devices.


Found U-Boot device: disk


  Probing all disk devices...


  Checking unit=0 slice=<auto> partition=<auto>...disk0: read failed, error=1





  Checking unit=1 slice=<auto> partition=<auto>...disk1: read failed, error=1





  Checking unit=2 slice=<auto> partition=<auto>... good.


Booting from disk2s2a:


| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08|
 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08|
 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08|
 08/ 08- 08\ 08| 08Loading /boot/defaults/loader.conf


/ 08- 08\ 08| 08/ 08- 08\ 08| 08console comconsole is invalid!


no valid consoles!


Available consoles:


    uboot


/ 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/
 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/
 08/boot/kernel/kernel text=0x1b4 text=0x822a8c - 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/
 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/
 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/
 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/
 08- 08\ 08text=0x9ecfcc | 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/
 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/
 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/
 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/
 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/
 08- 08data=0x9664c \ 08| 08/ 08- 08\ 08data=0x0+0x48000 | 08syms=[0x4+0xa4640/ 08- 08\ 08| 08/ 08+0x4+0x102b9e- 08\ 08| 08/
 08- 08\ 08| 08/ 08]


- 08\ 08| 08/ 08- 08\ 08|


 08Hit [Enter] to boot immediately, or any other key for command prompt.



Booting [/boot/kernel/kernel] in 2 seconds... 
Booting [/boot/kernel/kernel] in 1 second... 
Booting [/boot/kernel/kernel]...               


/ 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/
 08- 08\ 08| 08/boot/dtb/armada-385-80300-0148-G00-X100.dtb size=0x6800


Loaded DTB from file 'armada-385-80300-0148-G00-X100.dtb'.


/ 08- 08\ 08| 08/ 08- 08Kernel entry at 0x400200...


Kernel args: (null)


SOC: Marvell 88F6820, TClock 250MHz, Frequency 1600MHz
  Instruction cache prefetch enabled, data cache prefetch disabled
---<<BOOT>>---
GDB: debug ports: uart
GDB: current port: uart
KDB: debugger backends: ddb gdb
KDB: current backend: ddb
Copyright (c) 1992-2023 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
	The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 14.0-CURRENT armv7 1400094 #1 plus-RELENG_23_09_1-n256200-3de1e293f3a: Wed Dec  6 20:55:45 UTC 2023
    root@freebsd:/var/jenkins/workspace/pfSense-Plus-snapshots-23_09_1-main/obj/armv7/XXxrkrip/var/jenkins/workspace/pfSense-Plus-snapshots-23_09_1-main/sources/FreeBSD-src-plus-RELENG_23_09_1/arm.armv7/sys/pfSense-3100 arm
FreeBSD clang version 16.0.6 (https://github.com/llvm/llvm-project.git llvmorg-16.0.6-0-g7cbf1a259152)
WARNING: 32-bit kernels are deprecated and may be removed in FreeBSD 15.0.
CPU: ARM Cortex-A9 r4p1 (ECO: 0x00000000)
CPU Features: 
  Multiprocessing, Thumb2, Security, VMSAv7, Coherent Walk
Optional instructions: 
  UMULL, SMULL, SIMD(ext)
LoUU:2 LoC:2 LoUIS:2 
Cache level 1:
 32KB/32B 4-way data cache WB Read-Alloc Write-Alloc
 32KB/32B 4-way instruction cache Read-Alloc
real memory  = 2147479552 (2047 MB)
avail memory = 2081718272 (1985 MB)
FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
arc4random: WARNING: initial seeding bypassed the cryptographic random device because it was not yet seeded and the knob 'bypass_before_seeding' was enabled.
ipw_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw.LICENSE.
ipw_monitor: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_monitor_fw, 0xc014c0a8, 0) error 1
iwi_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi.LICENSE.
iwi_bss: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (iwi_bss_fw, 0xc014c158, 0) error 1
iwi_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi.LICENSE.
iwi_ibss: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (iwi_ibss_fw, 0xc014c208, 0) error 1
iwi_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi.LICENSE.
iwi_monitor: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (iwi_monitor_fw, 0xc014c2b8, 0) error 1
random: entropy device external interface
wlan: mac acl policy registered
ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw.LICENSE.
ipw_bss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_bss_fw, 0xc014bf48, 0) error 1
ipw_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw.LICENSE.
ipw_ibss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_ibss_fw, 0xc014bff8, 0) error 1
ofwbus0: <Open Firmware Device Tree>
simplebus0: <Flattened device tree simple bus> on ofwbus0
simplebus1: <Flattened device tree simple bus> on simplebus0
armada38x_coreclk0: <ARMADA38X core-clock> mem 0x18600-0x18603 on simplebus1
ofw_clkbus0: <OFW clocks bus> on ofwbus0
clk_fixed0: <Fixed clock> on ofw_clkbus0
clk_fixed1: <Fixed clock> on ofw_clkbus0
regfix0: <Fixed Regulator> on ofwbus0
armada38x_gateclk0: <ARMADA38X gateclk> mem 0x18220-0x18223 on simplebus1
l2cache0: <PL310 L2 cache controller> mem 0x8000-0x8fff on simplebus1
l2cache0: cannot allocate IRQ, not using interrupt
l2cache0: Part number: 0x3, release: 0x9
l2cache0: L2 Cache enabled: 1024KB/32B 16 ways
netgate0: <Netgate 3100>
gic0: <ARM Generic Interrupt Controller> mem 0xd000-0xdfff,0xc100-0xc1ff on simplebus1
gic0: pn 0x39, arch 0x1, rev 0x2, implementer 0x43b irqs 192
mpic0: <Marvell Integrated Interrupt Controller> mem 0x20a00-0x20ccf,0x21070-0x210c7 irq 17 on simplebus1
gpio0: <Marvell Integrated GPIO Controller> mem 0x18100-0x1813f,0x181c0-0x181c7 irq 9,10,11,12 on simplebus1
gpio0: 4 IRQs available
gpio0: Disable interrupts (offset = 0 + EDGE(0x18)
gpio0: Disable interrupts (offset = 0 + LEV(0x1C))
gpio0: Setup intr 0
gpio0: Setup intr 1
gpio0: Setup intr 2
gpio0: Setup intr 3
gpio0: Clear int status (offset = 0)
gpiobus0: <GPIO bus> on gpio0
gpio1: <Marvell Integrated GPIO Controller> mem 0x18140-0x1817f,0x181c8-0x181cf irq 13,14,15,16 on simplebus1
gpio1: 4 IRQs available
gpio1: Disable interrupts (offset = 0 + EDGE(0x18)
gpio1: Disable interrupts (offset = 0 + LEV(0x1C))
gpio1: Setup intr 0
gpio1: Setup intr 1
gpio1: Setup intr 2
gpio1: Setup intr 3
gpio1: Clear int status (offset = 0)
gpiobus1: <GPIO bus> on gpio1
mp_tmr0: <ARM MPCore Timers> mem 0xc200-0xc21f irq 3 on simplebus1
Timecounter "MPCore" frequency 800000000 Hz quality 800
mp_tmr1: <ARM MPCore Timers> mem 0xc600-0xc61f irq 4 on simplebus1
Event timer "MPCore" frequency 800000000 Hz quality 1000
usb_nop_xceiv0: <USB NOP PHY> on ofwbus0
twsi0: <Marvell Integrated I2C Bus Controller> mem 0x11000-0x1101f irq 5 on simplebus1
iicbus0: <OFW I2C bus> on twsi0
iic0: <I2C generic I/O> on iicbus0
gpio2: <NXP PCA9552 LED driver> at addr 0xc0 on iicbus0
device_attach: gpio2 attach returned 6
gpio2: <ISSI IS31FL3199 9 channel light effect LED driver> at addr 0xce on iicbus0
gpiobus2: <OFW GPIO bus> on gpio2
gpioc2: <GPIO controller> on gpio2
uart0: <16550 or compatible> mem 0x12000-0x120ff irq 7 on simplebus1
ns8250: UART FCR is broken
uart0: console (115740,n,8,1)
uart1: <16550 or compatible> mem 0x12100-0x121ff irq 8 on simplebus1
gpioc0: <GPIO controller> on gpio0
gpioc1: <GPIO controller> on gpio1
wdt0: <Marvell Watchdog Timer> mem 0x20300-0x20333,0x20704-0x20707,0x18260-0x18263 irq 24,25 on simplebus1
pmsu0: <Power Management Service Unit> mem 0x22000-0x22fff on simplebus1
mvneta0: <NETA controller> mem 0x30000-0x33fff irq 26 on simplebus1
mvneta0: version is 10
miibus0: <MII bus> on mvneta0
ukphy0: <Generic IEEE 802.3u media interface> PHY 1 on miibus0
ukphy0:  none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, auto
mvneta0: Ethernet address: 00:08:a2:0f:a9:6b
mvneta1: <NETA controller> mem 0x34000-0x37fff irq 27 on simplebus1
mvneta1: version is 10
mdio0: <MDIO> on mvneta1
e6000sw0: <Marvell 88E6141> on mdio0
e6000sw0: single-chip addressing mode
e6000sw0: PHY at port 1
miibus1: <MII bus> on e6000sw0
ukphy1: <Generic IEEE 802.3u media interface> PHY 17 on miibus1
ukphy1:  none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, auto
e6000sw0: PHY at port 2
miibus2: <MII bus> on e6000sw0
ukphy2: <Generic IEEE 802.3u media interface> PHY 18 on miibus2
ukphy2:  none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, auto
e6000sw0: PHY at port 3
miibus3: <MII bus> on e6000sw0
ukphy3: <Generic IEEE 802.3u media interface> PHY 19 on miibus3
ukphy3:  none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, auto
e6000sw0: PHY at port 4
miibus4: <MII bus> on e6000sw0
ukphy4: <Generic IEEE 802.3u media interface> PHY 20 on miibus4
ukphy4:  none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, auto
e6000sw0: CPU port at 5
e6000sw0: fixed port at 5
e6000sw0: switch is ready.
etherswitch0: <Switch controller> on e6000sw0
mvneta1: Ethernet address: 00:08:a2:0f:a9:6c
mvneta2: <NETA controller> mem 0x70000-0x73fff irq 28 on simplebus1
mvneta2: version is 10
miibus5: <MII bus> on mvneta2
ukphy5: <Generic IEEE 802.3u media interface> PHY 0 on miibus5
ukphy5:  none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, auto
mvneta2: Ethernet address: 00:08:a2:0f:a9:6d
ehci0: <Marvell Integrated USB 2.0 controller> mem 0x58000-0x584ff irq 29 on simplebus1
usbus0: EHCI version 1.0
usbus0 on ehci0
cesa0: <Marvell Cryptographic Engine and Security Accelerator> mem 0x90000-0x9ffff irq 30,31 on simplebus1
rtc0: <Marvell Integrated RTC> mem 0xa3800-0xa381f,0x184a0-0x184ab irq 32 on simplebus1
rtc0: registered as a time-of-day clock, resolution 1.000000s
ahci0: <Marvell AHCI Controller> mem 0xa8000-0xa9fff irq 33 on simplebus1
ahci0: AHCI v1.00 with 2 6Gbps ports, Port Multiplier supported with FBS
ahci0: quirks=0x200010<2CH,MRVL_SR_DEL>
ahcich0: <AHCI channel> at channel 0 on ahci0
ahcich1: <AHCI channel> at channel 1 on ahci0
armada_thermal0: <Armada380 Thermal Control> mem 0xe4078-0xe407b,0xe4070-0xe4077 on simplebus1
sdhci_fdt0: <ARMADA38X SDHCI controller> mem 0xd8000-0xd8fff,0xdc000-0xdc0ff,0x18454-0x18457 irq 36 on simplebus1
sdhci_fdt0: 1 slot(s) allocated
xhci0: <Generic USB 3.0 controller> mem 0xf8000-0xfbfff,0xfc000-0xfffff irq 39 on simplebus1
xhci0: 32 bytes context size, 32-bit DMA
usbus1 on xhci0
cesa1: <Marvell Cryptographic Engine and Security Accelerator> mem 0x90000-0x9ffff irq 40,41 on simplebus1
spi0: <Marvell SPI controller> mem 0xf001000000010600-0xf00100000001064f irq 1 on simplebus0
cpulist0: <Open Firmware CPU Group> on ofwbus0
cpu0: <Open Firmware CPU> on cpulist0
Timecounters tick every 1.000 msec
mvneta1: link state changed to UP
spibus0: <OFW SPI bus> on spi0
mx25l0: <M25Pxx Flash Family> at cs 0 mode 0 on spibus0
mx25l0: device type w25q32jv, size 4096K in 64 sectors of 64K, erase size 4K
Release APs
usbus0: 480Mbps High Speed USB v2.0
usbus1: 5.0Gbps Super Speed USB v3.0
Trying to mount root from ufs:/dev/diskid/DISK-36F997C2s2a [rw,noatime]...
WARNING: 32-bit kernels are deprecated and may be removed in FreeBSD 15.0.
ugen1.1: <Generic XHCI root HUB> at usbus1
ugen0.1: <Marvell EHCI root HUB> at usbus0
uhub0 on usbus1
uhub1 on usbus0
uhub0: <Generic XHCI root HUB, class 9/0, rev 3.00/1.00, addr 1> on usbus1
uhub1: <Marvell EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus0
uhub0: 2 ports with 2 removable, self powered
mmc0: <MMC/SD bus> on sdhci_fdt0
mmcsd0: 8GB <MMCHC M32508 0.1 SN 36F997C2 MFG 11/2018 by 112 0x0000> at mmc0 50.0MHz/8bit/65535-block
mmcsd0boot0: 4MB partition 1 at mmcsd0
mmcsd0boot1: 4MB partition 2 at mmcsd0
mmcsd0rpmb: 4MB partition 3 at mmcsd0
uhub1: 1 port with 1 removable, self powered
e6000sw0port1: link state changed to DOWN
e6000sw0port2: link state changed to DOWN
e6000sw0port3: link state changed to DOWN
e6000sw0port4: link state changed to DOWN
Root mount waiting for: CAM
Root mount waiting for: CAM
Root mount waiting for: CAM
Root mount waiting for: CAM
Root mount waiting for: CAM
Root mount waiting for: CAM
Root mount waiting for: CAM
Root mount waiting for: CAM
WARNING: / was not properly dismounted
Configuring crash dumps...
No suitable dump device was found.
** SU+J Recovering /dev/diskid/DISK-36F997C2s2a
** Reading 11436032 byte journal from inode 4.
** Building recovery table.
** Resolving unreferenced inode list.
** Processing journal entries.
** 5 journal records in 1536 bytes for 10.42% utilization
** Freed 1 inodes (0 dirs) 0 blocks, and 0 frags.
/dev/diskid/DISK-36F997C2s2a: 
**** FILE SYSTEM MARKED CLEAN ****
random: unblocking device.
Filesystems are clean, continuing...
Mounting filesystems...

        __
 _ __  / _|___  ___ _ __  ___  ___      _
| '_ \| |_/ __|/ _ \ '_ \/ __|/ _ \   _| |_
| |_) |  _\__ \  __/ | | \__ \  __/  |_   _|
| .__/|_| |___/\___|_| |_|___/\___|    |_|
|_|


Welcome to Netgate pfSense Plus 23.09.1-RELEASE...

...ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib /usr/local/lib/compat/pkg /usr/lib/engines /usr/local/lib/compat/pkg /usr/local/lib/ipsec /usr/local/lib/perl5/5.34/mach/CORE
done.
1514
>>> Removing vital flag from php82... done.

Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 4096 bytes) in /etc/inc/xmlparse.inc on line 73
PHP ERROR: Type: 1, File: /etc/inc/xmlparse.inc, Line: 73, Message: Allowed memory size of 134217728 bytes exhausted (tried to allocate 4096 bytes)
Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 40960 bytes) in /etc/inc/notices.inc on line 169
Launching the init system...
Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 8192 bytes) in /etc/inc/xmlparse.inc on line 200
PHP ERROR: Type: 1, File: /etc/inc/xmlparse.inc, Line: 200, Message: Allowed memory size of 134217728 bytes exhausted (tried to allocate 8192 bytes)
Fatal error: Uncaught ValueError: Path cannot be empty in /etc/inc/notices.inc:135
Stack trace:
#0 /etc/inc/notices.inc(135): fopen('', 'w')
#1 /etc/inc/config.lib.inc(1168): file_notice('phperror', 'PHP ERROR: Type...', 'PHP errors')
#2 [internal function]: pfSense_clear_globals()
#3 {main}
  thrown in /etc/inc/notices.inc on line 135
Starting CRON... done.

Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 8192 bytes) in /etc/inc/xmlparse.inc on line 73
2024-04-01T10:27:49.949160-04:00 - php-fpm 405 - - /rc.start_packages: PHP ERROR: Type: 1, File: /etc/inc/xmlparse.inc, Line: 73, Message: Allowed memory size of 134217728 bytes exhausted (tried to allocate 8192 bytes)

PHP ERROR: Type: 1, File: /etc/inc/xmlparse.inc, Line: 73, Message: Allowed memory size of 134217728 bytes exhausted (tried to allocate 8192 bytes)
Fatal error: Uncaught ValueError: Path cannot be empty in /etc/inc/notices.inc:135
Stack trace:
#0 /etc/inc/notices.inc(135): fopen('', 'w')
#1 /etc/inc/config.lib.inc(1168): file_notice('phperror', 'PHP ERROR: Type...', 'PHP errors')
#2 [internal function]: pfSense_clear_globals()
#3 {main}
  thrown in /etc/inc/notices.inc on line 135
Netgate pfSense Plus 23.09.1-RELEASE arm 20231208-2055
Bootup complete


FreeBSD/arm (Amnesiac) (ttyu0)



2024-04-01T10:27:58.980156-04:00 - login 611 - - login on ttyu0 as root

 1b7 1b[r 1b[999;999H 1b[6n 1b8resizewin: timeout reading from terminal

Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 8192 bytes) in /etc/inc/xmlparse.inc on line 73
PHP ERROR: Type: 1, File: /etc/inc/xmlparse.inc, Line: 73, Message: Allowed memory size of 134217728 bytes exhausted (tried to allocate 8192 bytes)
Fatal error: Uncaught ValueError: Path cannot be empty in /etc/inc/notices.inc:135
Stack trace:
#0 /etc/inc/notices.inc(135): fopen('', 'w')
#1 /etc/inc/config.lib.inc(1168): file_notice('phperror', 'PHP ERROR: Type...', 'PHP errors')
#2 [internal function]: pfSense_clear_globals()
#3 {main}
  thrown in /etc/inc/notices.inc on line 135

 0) Logout (SSH only)                  9) pfTop
 1) Assign Interfaces                 10) Filter Logs
 2) Set interface(s) IP address       11) Restart webConfigurator
 3) Reset webConfigurator password    12) PHP shell + Netgate pfSense Plus tools
 4) Reset to factory defaults         13) Update from console
 5) Reboot system                     14) Enable Secure Shell (sshd)
 6) Halt system                       15) Restore recent configuration
 7) Ping host                         16) Restart PHP-FPM
 8) Shell

Enter an option: 

SteveITS

@cdsJerry said in Can you force a rule to apply before floating rules and hold it's position?:

4. Reset to factory defaults

This option doesn't work? I don't know the order of boot, maybe it is crashing trying to read the config file before it reads in the ECL file. In that case you could reinstall and restore as I noted above.

cdsJerry

@SteveITS NONE of the options work. While it does eventually come up with the menu nothing on the menu works. If I enter a number it sits for a little bit and then comes up with that same Fatal error message again. That's why I was hoping your method of reloading a config from USB would work so I could get back to some sort of control. I can't access the machine at all on the GUI.. it just says unable to load page. My only access is via the terminal cable but once it loads I have no control.

I seem to be able to enter things early in the boot process which aborts the boot but I don't know what I'm doing enough to do anything useful once I get it to abort the loading process.

SteveITS

@cdsJerry You could try a different/smaller USB stick for the ECL?

If it was me I'd just reinstall. It's easier than it sounds, once the image is written to USB stick.

cdsJerry

@SteveITS it doesn't seem to recognize the USB drive to restore the config so how would it see it to reinstall everything? If it sees it, then it should do the config and solve the problem right? And if it doesn't see it, then having an installation file on it won't work either.

I seem to recall that because it's an appliance I have to get a special installation file or code if I do a reset? And being EOL the wouldn't be a new code so I'd be SOL.

I'll use a smaller USB drive and try to get the config to work again. Back soon.