Netgate Discussion Forum

    Not sure if bug - pfBlocker - pfctl Cannot allocate memory

      RootWyrm

      I'm really not sure if this is a bug, or if this is WAI and the list is actually too large. Here are the log messages:

      Apr 23 18:06:34	php: : The command '/sbin/pfctl -o basic -f /tmp/rules.debug' returned exit code '1', the output was '/tmp/rules.debug:17: cannot define table pfBlockerBluetack_level1: Cannot allocate memory /tmp/rules.debug:23: cannot define table pfBlockerBluetack_badpeers: Cannot allocate memory /tmp/rules.debug:27: cannot define table pfBlockerTBG_PrimaryThreats: Cannot allocate memory pfctl: Syntax error in config file: pf rules not loaded'
      Apr 23 18:06:41	php: : New alert found: There were error(s) loading the rules: /tmp/rules.debug:17: cannot define table pfBlockerBluetack_level1: Cannot allocate memory /tmp/rules.debug:23: cannot define table pfBlockerBluetack_badpeers: Cannot allocate memory /tmp/rules.debug:27: cannot define table pfBlockerTBG_PrimaryThreats: Cannot allocate memory pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [17]: table <pfblockerbluetack_level1> persist file "/var/db/aliastables/pfBlockerBluetack_level1.txt"
      Apr 23 18:06:41	php: : There were error(s) loading the rules: /tmp/rules.debug:17: cannot define table pfBlockerBluetack_level1: Cannot allocate memory /tmp/rules.debug:23: cannot define table pfBlockerBluetack_badpeers: Cannot allocate memory /tmp/rules.debug:27: cannot define table pfBlockerTBG_PrimaryThreats: Cannot allocate memory pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [17]: table <pfblockerbluetack_level1> persist file "/var/db/aliastables/pfBlockerBluetack_level1.txt"
      

      pfBlockerTBG_PrimaryThreats contains a total of 308,602 ranges. pfBlockerBluetack_level1 is also rather large at 231,056 ranges. I'm not indicating any significant memory constraints (<40% utilized, 0% swap) so I'm just not sure if it's actually that much demand, too many entries to handle, or an actual bug.

        marcelloc

        It's not a bug, you need to:

        • empty/disable your lists

        • Increase Firewall Maximum Table Entries on System -> Advanced -> Firewall/NAT

        • re-enable pfBlocker lists

        Elite Training: http://sys-squad.com

        Help a community developer! ;D

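As an added example (not from the thread and not pfBlocker's own code), a shell pre-flight check that compares the entry count of the alias table files with the `table-entries` hard limit reported by `pfctl -sm`. The function names and the default headroom factor of 2 are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread: pre-flight check of pf table sizes
# against the table-entries limit that pfctl enforces at rule load.

# Count address/range lines in table files, ignoring blanks and # comments.
count_entries() {
    awk '!/^[ \t]*(#|$)/ { n++ } END { print n + 0 }' "$@"
}

# Read `pfctl -sm` output on stdin and print the table-entries hard limit.
parse_table_limit() {
    awk '$1 == "table-entries" { print $NF; exit }'
}

# fits LIMIT TOTAL [FACTOR]: succeed when TOTAL * FACTOR <= LIMIT.
# FACTOR defaults to 2 (assumption: headroom for old and new copies of the
# tables coexisting during a reload); pass 1 for a bare comparison.
fits() {
    [ $(( $2 * ${3:-2} )) -le "$1" ]
}

# report LIMIT FILE...: print per-file and total counts, then the verdict.
report() {
    limit=$1; shift
    for f in "$@"; do
        printf '%8d  %s\n' "$(count_entries "$f")" "$f"
    done
    total=$(count_entries "$@")
    if fits "$limit" "$total"; then
        echo "OK: $total entries fit under table-entries limit $limit"
    else
        echo "TOO SMALL: $total entries, limit $limit; raise Firewall Maximum Table Entries"
        return 1
    fi
}

# On the firewall itself (table file path as in the log above):
#   report "$(pfctl -sm | parse_table_limit)" /var/db/aliastables/*.txt
```

With the two list sizes quoted in the first post (308,602 + 231,056 = 539,658 entries), `fits 200000 539658 1` fails even without any headroom.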
          RootWyrm

          @marcelloc:

          It's not a bug, you need to:

          • empty/disable your lists

          • Increase Firewall Maximum Table Entries on System -> Advanced -> Firewall/NAT

          • re-enable pfBlocker lists

          Yep, there it was.. config defaulted to 200K and I didn't even notice it.

          There is a bug, though. After deleting lists, the table isn't being updated correctly. Reproducing is pretty easy, but iffy - add 5 lists, delete the 3rd. Aliases update correctly, but file table does not - instead it acts as though list 5 was deleted instead of list 3. Only happens sometimes though.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.