What are thes errors?
-
System - Advanced - Networking - Firewall/NAT - Firewall Maximum Table Entries
-
ok… now what?
it say
Maximum number of table entries for systems such as aliases, sshlockout, snort, etc, combined.
Note: Leave this blank for the default. On your system the default size is: 200000 -
Bump it higher, of course!
-
higher than 200000 :o never had this issue in 2.0.3 , why now with the newer one?
Modify:
I did set them to 500000 and i am still getting the errors -
FWIW (not much nowadays) I'm running 10mil (10,000,000) for max table entries.
Cannot allocate memory (shown in the error) means "for some reason, despite all my extra-zealous efforts, I could not pick up and store that large amount of data in my memory. This could be due to the memory being too small (editor's note: too few table entries is exactly this) or the data being too large."
Barring a bug, it's either too few entries or out of ram. That or a RAM module got fried during reboot. Disclaimer: "barring a bug" in the context of this post means: assuming that a bug (a programming error) does NOT exist in any way and/or shape and/or form, in the pfblocker package and/or pfsense as a whole, taking into consideration that it (pfsense) is a collection of many different programs. Neither party should be held liable for the possible existence of this bug.
If 500000 seems large, wait until ipv6 is here.
-
I did set them to 500000 and i am still getting the errors
Not high enough. You realize you are trying to block billions of people? Alternatively, you of course are free to stop using similar insane (and no longer updated either) blocklists.
-
Its too bad you can only thank someone once…
Some packages should have warnings like medicine:Warning use of this package may cause side effects including but not limited blindness from reading forums all day, horse throat from screaming, baldness from pulling out hair, loss of family from becoming totally distracted by broken router, irritated forum members, bankrupcy from buying excessive hardware to solve a software problem or even death due to fatigue, loss of sleep and eventual suicide.
-
I did set them to 500000 and i am still getting the errors
Not high enough. You realize you are trying to block billions of people? Alternatively, you of course are free to stop using similar insane (and no longer updated either) blocklists.
As a hijack - what block lists do you suggest and package to apply them?
-
Its too bad you can only thank someone once…
Some packages should have warnings like medicine:Warning use of this package may cause side effects including but not limited blindness from reading forums all day, horse throat from screaming, baldness from pulling out hair, loss of family from becoming totally distracted by broken router, irritated forum members, bankrupcy from buying excessive hardware to solve a software problem or even death due to fatigue, loss of sleep and eventual suicide.
I get the bolded parts when I'm trying to explain that snort is not the end all be all, top of the line, tomorrow's technology implemented today, Intrusion Detection System on these forums. Yes it has it's uses and for most people it's all they need.
Back on topic, there is a topic in these very forums, named "RFC (make up a number not in use) - Blueprint for setting up snort + pfblocker" written by an insane guy trying to help those that don't want to listen. In it there are the pfblocker lists one should use.
Since this IS the facebook generation time, here is the link for those that don't bother searching anymore: http://forum.pfsense.org/index.php/topic,64674.html
-
I'm not irritated - Forums are more entertaining that Reality TV and simultaneously useful.
Got it working? -
I know this thread is old, but changing the default value under System - Advanced - Networking - Firewall/NAT - Firewall Maximum Table Entries to 1,000,000 worked for me. 8)
-
I know this thread is old, but changing the default value under System - Advanced - Networking - Firewall/NAT - Firewall Maximum Table Entries to 1,000,000 worked for me. 8)
Happy my n00b topic could help haha ::)