Can you force a rule to apply before floating rules and hold it's position?

cdsJerry

@SteveITS The backup config file is 201kp which I placed on a 60 GB Fat32 USB stick and placed into the appliance. I placed a directory called config on the root level and copied the config.xml file both onto the root, and into the config directory then cycled the power. It doesn't appear to be loading the config file from the USB drive since it's still coming up with the same memory problem.

 00

General initialization - Version: 1.0.0
AVS selection from EFUSE disabled (Skip reading EFUSE values)
Overriding default AVS value to: 0x23
Detected Device ID 6820
High speed PHY - Version: 2.0

Init Customer board board SerDes lanes topology details:
 | Lane # | Speed|    Type     |
 ------------------------------|
 |   0    |  3   |  SATA0      |
 |   1    |  5   |  PCIe0      |
 |   2    |  3   |  SATA1      |
 |   3    |  4   |  SGMII2     |
 |   4    |  5   |  PCIe1      |
 |   5    |  5   |  USB3 HOST1 |
 -------------------------------
PCIe Ref. Clock Buffer Control is 0xf00015bf, setting to 0xf00015bf
SOC_CONTROL_REG1 is 0xf00015bf, setting to 0x0707c0f3
PCIe, Idx 0: detected no link
PCIe, Idx 1: detected no link
High speed PHY - Ended Successfully
mv_ddr: mv_ddr-armada-17.06.1-g07f8294 (Oct  8 2018 - 12:59:22)
DDR4 Training Sequence - Switching XBAR Window to FastPath Window
mv_ddr: completed successfully

 __   __                      _ _
|  \/  | __ _ _ ____   _____| | |
| |\/| |/ _` | '__\ \ / / _ \ | |
| |  | | (_| | |   \ V /  __/ | |
|_|  |_|\__,_|_|    \_/ \___|_|_|
         _   _     ____              _
        | | | |   | __ )  ___   ___ | |_ 
        | | | |___|  _ \ / _ \ / _ \| __| 
        | |_| |___| |_) | (_) | (_) | |_ 
         \___/    |____/ \___/ \___/ \__| 
 ** LOADER **


U-Boot 2013.01-02879-geb5cbf6642 (Oct 08 2018 - 12:59:19) Marvell version: devel-17.06.0

Board: Rogue-1
SoC:   MV88F6820 Rev A0
       running 2 CPUs
CPU:   ARM Cortex A9 MPCore (Rev 1) LE
       CPU 0
       CPU    @ 1600 [MHz]
       L2     @ 800 [MHz]
       TClock @ 250 [MHz]
       DDR4    @ 800 [MHz]
       DDR4 32 Bit Width,FastPath Memory Access, DLB Enabled, ECC Disabled
DRAM:  2 GiB
MMC:   mv_sdh: 0
DBG: Calling spi_flash_probe from env_relocate_spec()
SF: Probing bus 0 cs 0 @ 20000000Hz mode 3
SF: Detected W25Q32JV with page size 4 KiB, total 4 MiB
PCI-e 0: Detected No Link.
PCI-e 1: Detected No Link.
USB2.0 0: Host Mode
USB3.0 1: Host Mode

Map:   Code:			0x7fedc000:0x7ff9741c
       BSS:			0x7ffef600
       Stack:			0x7f4cbf20
       Heap:			0x7f4cc000:0x7fedc000
       U-Boot Environment:	0x00100000:0x00110000 (SPI)

Board configuration detected:
Net:   
|  port  | Interface | PHY address  |
|--------|-----------|--------------|
| egiga0 |   RGMII   |     0x00     |
| egiga1 |   RGMII   |     0x01     |
| egiga2 |   SGMII   |   In-Band    |
egiga0 [PRIME], egiga1, egiga2
Hit any key to stop autoboot:  3  08 08 08 2  08 08 08 1  08 08 08 0 
reading ubldr.bin
228648 bytes read in 9 ms (24.2 MiB/s)
## Starting application at 0x00200000 ...
Consoles: U-Boot console  


Compatible U-Boot API signature found @0x7f4dc280





FreeBSD/armv6 U-Boot loader, Revision 1.2


(Tue Jul 10 10:26:23 EDT 2018 root@buildbot3)





DRAM: 2048MB


Number of U-Boot devices: 4


U-Boot env: loaderdev not set, will probe all devices.


Found U-Boot device: disk


  Probing all disk devices...


  Checking unit=0 slice=<auto> partition=<auto>...disk0: read failed, error=1





  Checking unit=1 slice=<auto> partition=<auto>...disk1: read failed, error=1





  Checking unit=2 slice=<auto> partition=<auto>... good.


Booting from disk2s2a:


| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08|
 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08|
 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08|
 08/ 08- 08\ 08| 08Loading /boot/defaults/loader.conf


/ 08- 08\ 08| 08/ 08- 08\ 08| 08console comconsole is invalid!


no valid consoles!


Available consoles:


    uboot


/ 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/
 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/
 08/boot/kernel/kernel text=0x1b4 text=0x822a8c - 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/
 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/
 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/
 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/
 08- 08\ 08text=0x9ecfcc | 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/
 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/
 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/
 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/
 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/
 08- 08data=0x9664c \ 08| 08/ 08- 08\ 08data=0x0+0x48000 | 08syms=[0x4+0xa4640/ 08- 08\ 08| 08/ 08+0x4+0x102b9e- 08\ 08| 08/
 08- 08\ 08| 08/ 08]


- 08\ 08| 08/ 08- 08\ 08|


 08Hit [Enter] to boot immediately, or any other key for command prompt.



Booting [/boot/kernel/kernel] in 2 seconds... 
Booting [/boot/kernel/kernel] in 1 second... 
Booting [/boot/kernel/kernel]...               


/ 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/ 08- 08\ 08| 08/
 08- 08\ 08| 08/boot/dtb/armada-385-80300-0148-G00-X100.dtb size=0x6800


Loaded DTB from file 'armada-385-80300-0148-G00-X100.dtb'.


/ 08- 08\ 08| 08/ 08- 08Kernel entry at 0x400200...


Kernel args: (null)


SOC: Marvell 88F6820, TClock 250MHz, Frequency 1600MHz
  Instruction cache prefetch enabled, data cache prefetch disabled
---<<BOOT>>---
GDB: debug ports: uart
GDB: current port: uart
KDB: debugger backends: ddb gdb
KDB: current backend: ddb
Copyright (c) 1992-2023 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
	The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 14.0-CURRENT armv7 1400094 #1 plus-RELENG_23_09_1-n256200-3de1e293f3a: Wed Dec  6 20:55:45 UTC 2023
    root@freebsd:/var/jenkins/workspace/pfSense-Plus-snapshots-23_09_1-main/obj/armv7/XXxrkrip/var/jenkins/workspace/pfSense-Plus-snapshots-23_09_1-main/sources/FreeBSD-src-plus-RELENG_23_09_1/arm.armv7/sys/pfSense-3100 arm
FreeBSD clang version 16.0.6 (https://github.com/llvm/llvm-project.git llvmorg-16.0.6-0-g7cbf1a259152)
WARNING: 32-bit kernels are deprecated and may be removed in FreeBSD 15.0.
CPU: ARM Cortex-A9 r4p1 (ECO: 0x00000000)
CPU Features: 
  Multiprocessing, Thumb2, Security, VMSAv7, Coherent Walk
Optional instructions: 
  UMULL, SMULL, SIMD(ext)
LoUU:2 LoC:2 LoUIS:2 
Cache level 1:
 32KB/32B 4-way data cache WB Read-Alloc Write-Alloc
 32KB/32B 4-way instruction cache Read-Alloc
real memory  = 2147479552 (2047 MB)
avail memory = 2081718272 (1985 MB)
FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
arc4random: WARNING: initial seeding bypassed the cryptographic random device because it was not yet seeded and the knob 'bypass_before_seeding' was enabled.
ipw_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw.LICENSE.
ipw_monitor: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_monitor_fw, 0xc014c0a8, 0) error 1
iwi_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi.LICENSE.
iwi_bss: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (iwi_bss_fw, 0xc014c158, 0) error 1
iwi_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi.LICENSE.
iwi_ibss: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (iwi_ibss_fw, 0xc014c208, 0) error 1
iwi_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi.LICENSE.
iwi_monitor: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (iwi_monitor_fw, 0xc014c2b8, 0) error 1
random: entropy device external interface
wlan: mac acl policy registered
ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw.LICENSE.
ipw_bss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_bss_fw, 0xc014bf48, 0) error 1
ipw_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw.LICENSE.
ipw_ibss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_ibss_fw, 0xc014bff8, 0) error 1
ofwbus0: <Open Firmware Device Tree>
simplebus0: <Flattened device tree simple bus> on ofwbus0
simplebus1: <Flattened device tree simple bus> on simplebus0
armada38x_coreclk0: <ARMADA38X core-clock> mem 0x18600-0x18603 on simplebus1
ofw_clkbus0: <OFW clocks bus> on ofwbus0
clk_fixed0: <Fixed clock> on ofw_clkbus0
clk_fixed1: <Fixed clock> on ofw_clkbus0
regfix0: <Fixed Regulator> on ofwbus0
armada38x_gateclk0: <ARMADA38X gateclk> mem 0x18220-0x18223 on simplebus1
l2cache0: <PL310 L2 cache controller> mem 0x8000-0x8fff on simplebus1
l2cache0: cannot allocate IRQ, not using interrupt
l2cache0: Part number: 0x3, release: 0x9
l2cache0: L2 Cache enabled: 1024KB/32B 16 ways
netgate0: <Netgate 3100>
gic0: <ARM Generic Interrupt Controller> mem 0xd000-0xdfff,0xc100-0xc1ff on simplebus1
gic0: pn 0x39, arch 0x1, rev 0x2, implementer 0x43b irqs 192
mpic0: <Marvell Integrated Interrupt Controller> mem 0x20a00-0x20ccf,0x21070-0x210c7 irq 17 on simplebus1
gpio0: <Marvell Integrated GPIO Controller> mem 0x18100-0x1813f,0x181c0-0x181c7 irq 9,10,11,12 on simplebus1
gpio0: 4 IRQs available
gpio0: Disable interrupts (offset = 0 + EDGE(0x18)
gpio0: Disable interrupts (offset = 0 + LEV(0x1C))
gpio0: Setup intr 0
gpio0: Setup intr 1
gpio0: Setup intr 2
gpio0: Setup intr 3
gpio0: Clear int status (offset = 0)
gpiobus0: <GPIO bus> on gpio0
gpio1: <Marvell Integrated GPIO Controller> mem 0x18140-0x1817f,0x181c8-0x181cf irq 13,14,15,16 on simplebus1
gpio1: 4 IRQs available
gpio1: Disable interrupts (offset = 0 + EDGE(0x18)
gpio1: Disable interrupts (offset = 0 + LEV(0x1C))
gpio1: Setup intr 0
gpio1: Setup intr 1
gpio1: Setup intr 2
gpio1: Setup intr 3
gpio1: Clear int status (offset = 0)
gpiobus1: <GPIO bus> on gpio1
mp_tmr0: <ARM MPCore Timers> mem 0xc200-0xc21f irq 3 on simplebus1
Timecounter "MPCore" frequency 800000000 Hz quality 800
mp_tmr1: <ARM MPCore Timers> mem 0xc600-0xc61f irq 4 on simplebus1
Event timer "MPCore" frequency 800000000 Hz quality 1000
usb_nop_xceiv0: <USB NOP PHY> on ofwbus0
twsi0: <Marvell Integrated I2C Bus Controller> mem 0x11000-0x1101f irq 5 on simplebus1
iicbus0: <OFW I2C bus> on twsi0
iic0: <I2C generic I/O> on iicbus0
gpio2: <NXP PCA9552 LED driver> at addr 0xc0 on iicbus0
device_attach: gpio2 attach returned 6
gpio2: <ISSI IS31FL3199 9 channel light effect LED driver> at addr 0xce on iicbus0
gpiobus2: <OFW GPIO bus> on gpio2
gpioc2: <GPIO controller> on gpio2
uart0: <16550 or compatible> mem 0x12000-0x120ff irq 7 on simplebus1
ns8250: UART FCR is broken
uart0: console (115740,n,8,1)
uart1: <16550 or compatible> mem 0x12100-0x121ff irq 8 on simplebus1
gpioc0: <GPIO controller> on gpio0
gpioc1: <GPIO controller> on gpio1
wdt0: <Marvell Watchdog Timer> mem 0x20300-0x20333,0x20704-0x20707,0x18260-0x18263 irq 24,25 on simplebus1
pmsu0: <Power Management Service Unit> mem 0x22000-0x22fff on simplebus1
mvneta0: <NETA controller> mem 0x30000-0x33fff irq 26 on simplebus1
mvneta0: version is 10
miibus0: <MII bus> on mvneta0
ukphy0: <Generic IEEE 802.3u media interface> PHY 1 on miibus0
ukphy0:  none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, auto
mvneta0: Ethernet address: 00:08:a2:0f:a9:6b
mvneta1: <NETA controller> mem 0x34000-0x37fff irq 27 on simplebus1
mvneta1: version is 10
mdio0: <MDIO> on mvneta1
e6000sw0: <Marvell 88E6141> on mdio0
e6000sw0: single-chip addressing mode
e6000sw0: PHY at port 1
miibus1: <MII bus> on e6000sw0
ukphy1: <Generic IEEE 802.3u media interface> PHY 17 on miibus1
ukphy1:  none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, auto
e6000sw0: PHY at port 2
miibus2: <MII bus> on e6000sw0
ukphy2: <Generic IEEE 802.3u media interface> PHY 18 on miibus2
ukphy2:  none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, auto
e6000sw0: PHY at port 3
miibus3: <MII bus> on e6000sw0
ukphy3: <Generic IEEE 802.3u media interface> PHY 19 on miibus3
ukphy3:  none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, auto
e6000sw0: PHY at port 4
miibus4: <MII bus> on e6000sw0
ukphy4: <Generic IEEE 802.3u media interface> PHY 20 on miibus4
ukphy4:  none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, auto
e6000sw0: CPU port at 5
e6000sw0: fixed port at 5
e6000sw0: switch is ready.
etherswitch0: <Switch controller> on e6000sw0
mvneta1: Ethernet address: 00:08:a2:0f:a9:6c
mvneta2: <NETA controller> mem 0x70000-0x73fff irq 28 on simplebus1
mvneta2: version is 10
miibus5: <MII bus> on mvneta2
ukphy5: <Generic IEEE 802.3u media interface> PHY 0 on miibus5
ukphy5:  none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, auto
mvneta2: Ethernet address: 00:08:a2:0f:a9:6d
ehci0: <Marvell Integrated USB 2.0 controller> mem 0x58000-0x584ff irq 29 on simplebus1
usbus0: EHCI version 1.0
usbus0 on ehci0
cesa0: <Marvell Cryptographic Engine and Security Accelerator> mem 0x90000-0x9ffff irq 30,31 on simplebus1
rtc0: <Marvell Integrated RTC> mem 0xa3800-0xa381f,0x184a0-0x184ab irq 32 on simplebus1
rtc0: registered as a time-of-day clock, resolution 1.000000s
ahci0: <Marvell AHCI Controller> mem 0xa8000-0xa9fff irq 33 on simplebus1
ahci0: AHCI v1.00 with 2 6Gbps ports, Port Multiplier supported with FBS
ahci0: quirks=0x200010<2CH,MRVL_SR_DEL>
ahcich0: <AHCI channel> at channel 0 on ahci0
ahcich1: <AHCI channel> at channel 1 on ahci0
armada_thermal0: <Armada380 Thermal Control> mem 0xe4078-0xe407b,0xe4070-0xe4077 on simplebus1
sdhci_fdt0: <ARMADA38X SDHCI controller> mem 0xd8000-0xd8fff,0xdc000-0xdc0ff,0x18454-0x18457 irq 36 on simplebus1
sdhci_fdt0: 1 slot(s) allocated
xhci0: <Generic USB 3.0 controller> mem 0xf8000-0xfbfff,0xfc000-0xfffff irq 39 on simplebus1
xhci0: 32 bytes context size, 32-bit DMA
usbus1 on xhci0
cesa1: <Marvell Cryptographic Engine and Security Accelerator> mem 0x90000-0x9ffff irq 40,41 on simplebus1
spi0: <Marvell SPI controller> mem 0xf001000000010600-0xf00100000001064f irq 1 on simplebus0
cpulist0: <Open Firmware CPU Group> on ofwbus0
cpu0: <Open Firmware CPU> on cpulist0
Timecounters tick every 1.000 msec
mvneta1: link state changed to UP
spibus0: <OFW SPI bus> on spi0
mx25l0: <M25Pxx Flash Family> at cs 0 mode 0 on spibus0
mx25l0: device type w25q32jv, size 4096K in 64 sectors of 64K, erase size 4K
Release APs
usbus0: 480Mbps High Speed USB v2.0
usbus1: 5.0Gbps Super Speed USB v3.0
Trying to mount root from ufs:/dev/diskid/DISK-36F997C2s2a [rw,noatime]...
WARNING: 32-bit kernels are deprecated and may be removed in FreeBSD 15.0.
ugen1.1: <Generic XHCI root HUB> at usbus1
ugen0.1: <Marvell EHCI root HUB> at usbus0
uhub0 on usbus1
uhub1 on usbus0
uhub0: <Generic XHCI root HUB, class 9/0, rev 3.00/1.00, addr 1> on usbus1
uhub1: <Marvell EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus0
uhub0: 2 ports with 2 removable, self powered
mmc0: <MMC/SD bus> on sdhci_fdt0
mmcsd0: 8GB <MMCHC M32508 0.1 SN 36F997C2 MFG 11/2018 by 112 0x0000> at mmc0 50.0MHz/8bit/65535-block
mmcsd0boot0: 4MB partition 1 at mmcsd0
mmcsd0boot1: 4MB partition 2 at mmcsd0
mmcsd0rpmb: 4MB partition 3 at mmcsd0
uhub1: 1 port with 1 removable, self powered
e6000sw0port1: link state changed to DOWN
e6000sw0port2: link state changed to DOWN
e6000sw0port3: link state changed to DOWN
e6000sw0port4: link state changed to DOWN
Root mount waiting for: CAM
Root mount waiting for: CAM
Root mount waiting for: CAM
Root mount waiting for: CAM
Root mount waiting for: CAM
Root mount waiting for: CAM
Root mount waiting for: CAM
Root mount waiting for: CAM
WARNING: / was not properly dismounted
Configuring crash dumps...
No suitable dump device was found.
** SU+J Recovering /dev/diskid/DISK-36F997C2s2a
** Reading 11436032 byte journal from inode 4.
** Building recovery table.
** Resolving unreferenced inode list.
** Processing journal entries.
** 5 journal records in 1536 bytes for 10.42% utilization
** Freed 1 inodes (0 dirs) 0 blocks, and 0 frags.
/dev/diskid/DISK-36F997C2s2a: 
**** FILE SYSTEM MARKED CLEAN ****
random: unblocking device.
Filesystems are clean, continuing...
Mounting filesystems...

        __
 _ __  / _|___  ___ _ __  ___  ___      _
| '_ \| |_/ __|/ _ \ '_ \/ __|/ _ \   _| |_
| |_) |  _\__ \  __/ | | \__ \  __/  |_   _|
| .__/|_| |___/\___|_| |_|___/\___|    |_|
|_|


Welcome to Netgate pfSense Plus 23.09.1-RELEASE...

...ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib /usr/local/lib/compat/pkg /usr/lib/engines /usr/local/lib/compat/pkg /usr/local/lib/ipsec /usr/local/lib/perl5/5.34/mach/CORE
done.
1514
>>> Removing vital flag from php82... done.

Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 4096 bytes) in /etc/inc/xmlparse.inc on line 73
PHP ERROR: Type: 1, File: /etc/inc/xmlparse.inc, Line: 73, Message: Allowed memory size of 134217728 bytes exhausted (tried to allocate 4096 bytes)
Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 40960 bytes) in /etc/inc/notices.inc on line 169
Launching the init system...
Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 8192 bytes) in /etc/inc/xmlparse.inc on line 200
PHP ERROR: Type: 1, File: /etc/inc/xmlparse.inc, Line: 200, Message: Allowed memory size of 134217728 bytes exhausted (tried to allocate 8192 bytes)
Fatal error: Uncaught ValueError: Path cannot be empty in /etc/inc/notices.inc:135
Stack trace:
#0 /etc/inc/notices.inc(135): fopen('', 'w')
#1 /etc/inc/config.lib.inc(1168): file_notice('phperror', 'PHP ERROR: Type...', 'PHP errors')
#2 [internal function]: pfSense_clear_globals()
#3 {main}
  thrown in /etc/inc/notices.inc on line 135
Starting CRON... done.

Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 8192 bytes) in /etc/inc/xmlparse.inc on line 73
2024-04-01T10:27:49.949160-04:00 - php-fpm 405 - - /rc.start_packages: PHP ERROR: Type: 1, File: /etc/inc/xmlparse.inc, Line: 73, Message: Allowed memory size of 134217728 bytes exhausted (tried to allocate 8192 bytes)

PHP ERROR: Type: 1, File: /etc/inc/xmlparse.inc, Line: 73, Message: Allowed memory size of 134217728 bytes exhausted (tried to allocate 8192 bytes)
Fatal error: Uncaught ValueError: Path cannot be empty in /etc/inc/notices.inc:135
Stack trace:
#0 /etc/inc/notices.inc(135): fopen('', 'w')
#1 /etc/inc/config.lib.inc(1168): file_notice('phperror', 'PHP ERROR: Type...', 'PHP errors')
#2 [internal function]: pfSense_clear_globals()
#3 {main}
  thrown in /etc/inc/notices.inc on line 135
Netgate pfSense Plus 23.09.1-RELEASE arm 20231208-2055
Bootup complete


FreeBSD/arm (Amnesiac) (ttyu0)



2024-04-01T10:27:58.980156-04:00 - login 611 - - login on ttyu0 as root

 1b7 1b[r 1b[999;999H 1b[6n 1b8resizewin: timeout reading from terminal

Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 8192 bytes) in /etc/inc/xmlparse.inc on line 73
PHP ERROR: Type: 1, File: /etc/inc/xmlparse.inc, Line: 73, Message: Allowed memory size of 134217728 bytes exhausted (tried to allocate 8192 bytes)
Fatal error: Uncaught ValueError: Path cannot be empty in /etc/inc/notices.inc:135
Stack trace:
#0 /etc/inc/notices.inc(135): fopen('', 'w')
#1 /etc/inc/config.lib.inc(1168): file_notice('phperror', 'PHP ERROR: Type...', 'PHP errors')
#2 [internal function]: pfSense_clear_globals()
#3 {main}
  thrown in /etc/inc/notices.inc on line 135

 0) Logout (SSH only)                  9) pfTop
 1) Assign Interfaces                 10) Filter Logs
 2) Set interface(s) IP address       11) Restart webConfigurator
 3) Reset webConfigurator password    12) PHP shell + Netgate pfSense Plus tools
 4) Reset to factory defaults         13) Update from console
 5) Reboot system                     14) Enable Secure Shell (sshd)
 6) Halt system                       15) Restore recent configuration
 7) Ping host                         16) Restart PHP-FPM
 8) Shell

Enter an option:

SteveITS

@cdsJerry said in Can you force a rule to apply before floating rules and hold it's position?:

Reset to factory defaults

This option doesn't work? I don't know the order of boot, maybe it is crashing trying to read the config file before it reads in the ECL file. In that case you could reinstall and restore as I noted above.

cdsJerry

@SteveITS NONE of the options work. While it does eventually come up with the menu nothing on the menu works. If I enter a number it sits for a little bit and then comes up with that same Fatal error message again. That's why I was hoping your method of reloading a config from USB would work so I could get back to some sort of control. I can't access the machine at all on the GUI.. it just says unable to load page. My only access is via the terminal cable but once it loads I have no control.

I seem to be able to enter things early in the boot process which aborts the boot but I don't know what I'm doing enough to do anything useful once I get it to abort the loading process.

SteveITS

@cdsJerry You could try a different/smaller USB stick for the ECL?

If it was me I'd just reinstall. It's easier than it sounds, once the image is written to USB stick.

cdsJerry

@SteveITS it doesn't seem to recognize the USB drive to restore the config so how would it see it to reinstall everything? If it sees it, then it should do the config and solve the problem right? And if it doesn't see it, then having an installation file on it won't work either.

I seem to recall that because it's an appliance I have to get a special installation file or code if I do a reset? And being EOL the wouldn't be a new code so I'd be SOL.

I'll use a smaller USB drive and try to get the config to work again. Back soon.

cdsJerry

@SteveITS The smaller drive didn't seem to make any difference. Same errors. Still no response to menu.

SteveITS

@cdsJerry You'd get 23.09.1 which is valid for the 3100. Technically so is 24.03 minus a few packages (per the pending release notes) but you could ask for 23.09.1. Yes you need to ask, see my link above to the manual page.

You could try renaming/deleting the config file on disk, not sure what pfSense will do if it's missing.

cdsJerry

@SteveITS if it won't read the config file from the USB drive how likely would it be that it would read the package file to reload everything?
It appears that it's seeing the USB drive but the ECL doesn't seem to be working.

SteveITS

@cdsJerry I guess it depends on whether pfSense doesn't recognize the drive, or whether it doesn't get far enough to read in the new file because it crashes too early.

If it doesn't see the USB stick then it shouldn't hurt to try...if it can't it would just bypass it and boot normally.

cdsJerry

@SteveITS I have to buy a subscription to get the install file for the 3100 however right? I hate to toss money at a system that doesn't appear to be working and is EOL. While I'd love to be able to save a few dollars (our company can sure use it) maybe I need to give up. Nothing so far has made any progress on this thing. My attempt to keep two rules above the pfb has resulted in an appliance that won't do anything. The attempt to make those rules into an alias screwed me.

SteveITS

@cdsJerry No, install files are free tickets.

cdsJerry

@SteveITS The reinstall seems to have worked!! It even loaded the config backup file. It's loading packages in the background as I type this. Once completed I'll attempt to set the pfb as an alias and reset the rules again. Hopefully this time it doesn't start increasing all the rules exponentially again. If it does, I'm at least confident that I can get back to this point again now.

cdsJerry

@SteveITS I'm back to where I was with the pfblocker changing the rule order again. I went into Firewall / pfBlockerNG / IP / IPv4 and created the Alias as Alias native. However I the alias doesn't show up anywhere else. It's not listed under Firewall / Aliases / IP nor does it show up as an Alias if I try to create a rule on firewall.

All the various pfb_rules are gone from the firewall as expected, but I can't add the alias rule because it doesn't seem to exist anywhere. So it says it exists... but where?

SteveITS

@cdsJerry It doesn't show on Firewall Aliases. It should show in Diagnostics/Tables, or in autocomplete like this:

Ensure you've run a Force Update in pfBlocker to create it.

cdsJerry

@SteveITS Nothing.

Screenshot 2024-04-02 153713.png

SteveITS

@cdsJerry if it's not there and not in Diagnostics/Tables, did it successfully generate via the force update? What does the pfB log say?

cdsJerry

@SteveITS It looks like it's missing a file for some reason. Given that it's a clean install how can it be missing files already? Didn't that package just reinstall after the rebuild this morning?


 CRON  PROCESS  START [ v3.2.0_7 ] [ 04/2/24 13:00:01 ]
 UPDATE PROCESS START [ v3.2.0_7 ]

===[  DNSBL Process  ]================================================


*** [ Unbound.conf file missing. Exiting! ] ***



===[  GeoIP Process  ]============================================

[ pfB_Top_v4 ]			 exists. [ 04/2/24 13:00:11 ]
[ pfB_Africa_v4 ]		 exists.
[ pfB_Europe_v4 ]		 exists. [ 04/2/24 13:00:12 ]
[ pfB_NAmerica_v4 ]		 exists.
[ pfB_Oceania_v4 ]		 exists.
[ pfB_SAmerica_v4 ]		 exists.

===[  IPv4 Process  ]=================================================


===[  Aliastables / Rules  ]==========================================

No changes to Firewall rules, skipping Filter Reload
No Changes to Aliases, Skipping pfctl Update

 UPDATE PROCESS ENDED [ 04/2/24 13:00:13 ]
 CRON  PROCESS  START [ v3.2.0_7 ] [ 04/2/24 14:00:00 ]
 UPDATE PROCESS START [ v3.2.0_7 ]

===[  DNSBL Process  ]================================================


*** [ Unbound.conf file missing. Exiting! ] ***



===[  GeoIP Process  ]============================================

[ pfB_Top_v4 ]			 exists. [ 04/2/24 14:00:09 ]
[ pfB_Africa_v4 ]		 exists. [ 04/2/24 14:00:10 ]
[ pfB_Europe_v4 ]		 exists. [ 04/2/24 14:00:11 ]
[ pfB_NAmerica_v4 ]		 exists.
[ pfB_Oceania_v4 ]		 exists.
[ pfB_SAmerica_v4 ]		 exists.

===[  IPv4 Process  ]=================================================


===[  Aliastables / Rules  ]==========================================

No changes to Firewall rules, skipping Filter Reload
No Changes to Aliases, Skipping pfctl Update

 UPDATE PROCESS ENDED

**Saving configuration [ 04/2/24 14:51:20 ]**


*** [ Unbound.conf file missing. Exiting! ] ***



** Stopping firewall filter daemon **

**Saving configuration [ 04/2/24 14:59:59 ]**


*** [ Unbound.conf file missing. Exiting! ] ***



** Restarting firewall filter daemon **

**Saving configuration [ 04/2/24 15:01:35 ]**


*** [ Unbound.conf file missing. Exiting! ] ***




** Stopping firewall filter daemon **

**Saving configuration [ 04/2/24 15:19:20 ]**


*** [ Unbound.conf file missing. Exiting! ] ***


**Saving configuration [ 04/2/24 15:19:43 ]**


*** [ Unbound.conf file missing. Exiting! ] ***



** Restarting firewall filter daemon **

**Saving configuration [ 04/2/24 15:34:50 ]**


*** [ Unbound.conf file missing. Exiting! ] ***



** Stopping firewall filter daemon **```

SteveITS

@cdsJerry said in Can you force a rule to apply before floating rules and hold it's position?:

Unbound.conf file missing

Man, you are having a tough week! Google has only ONE result for that...the source code.
https://github.com/pfsense/FreeBSD-ports/blob/devel/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng.inc

if (file_exists("{$pfb['dnsbldir']}/unbound.conf")) {
...
}
else {
	pfb_logger("\n\n*** [ Unbound.conf file missing. Exiting! ] ***\n\n", 1);
}

Disable DNSBL? Enable DNSBL?

cdsJerry

@SteveITS You don't know the half of it. I lost a key employee this week. I lost my wedding band last night while killing a groundhog that was under my porch. My notebook computer died over the weekend. And my mother -in-law is moving up from Florida because my wife and I are going to need to take care of her now.

And then there's this firewall..... Which as you know was a clean install this morning and here I am beating my head on it again.

Yes... this week has sucked pretty bad so far.\

Is this what's preventing the alias from being created?

There were error(s) loading the rules: /tmp/rules.debug:53: cannot define table pfB_Europe_v4: Cannot allocate memory - The line in question reads [53]: table <pfB_Europe_v4> persist file "/var/db/aliastables/pfB_Europe_v4.txt"
@ 2024-04-02 15:20:20

SteveITS

Yikes, I hope it gets better.

@cdsJerry said in Can you force a rule to apply before floating rules and hold it's position?:

Cannot allocate memory

So either pfSense is out of memory or PHP is out of memory. Probably the latter since I think the limit is 128 MB on ARM? Usually that's not an issue until loading in files over that size because PHP has to allocate the memory to read in the file.

System/Advanced/Miscellaneous has a PHP Settings section with a memory limit.

Also check System/Advanced/Firewall & NAT that Firewall Maximum Table Entries is minimum 2 million when using pfBlocker, and raise as necessary.

Depending on what you're doing with pfB_Europe_v4, it is usually way more efficient to "allow my country" than "block the world" because the latter uses lots more RAM/table entry space.