Not sure if bug - pfBlocker - pfctl Cannot allocate memory
-
I'm really not sure if this is a bug, or if this is WAI and the list is actually too large. Here are the log messages:
Apr 23 18:06:34 php: : The command '/sbin/pfctl -o basic -f /tmp/rules.debug' returned exit code '1', the output was '/tmp/rules.debug:17: cannot define table pfBlockerBluetack_level1: Cannot allocate memory /tmp/rules.debug:23: cannot define table pfBlockerBluetack_badpeers: Cannot allocate memory /tmp/rules.debug:27: cannot define table pfBlockerTBG_PrimaryThreats: Cannot allocate memory pfctl: Syntax error in config file: pf rules not loaded'
Apr 23 18:06:41 php: : New alert found: There were error(s) loading the rules: /tmp/rules.debug:17: cannot define table pfBlockerBluetack_level1: Cannot allocate memory /tmp/rules.debug:23: cannot define table pfBlockerBluetack_badpeers: Cannot allocate memory /tmp/rules.debug:27: cannot define table pfBlockerTBG_PrimaryThreats: Cannot allocate memory pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [17]: table <pfblockerbluetack_level1> persist file "/var/db/aliastables/pfBlockerBluetack_level1.txt"
Apr 23 18:06:41 php: : There were error(s) loading the rules: /tmp/rules.debug:17: cannot define table pfBlockerBluetack_level1: Cannot allocate memory /tmp/rules.debug:23: cannot define table pfBlockerBluetack_badpeers: Cannot allocate memory /tmp/rules.debug:27: cannot define table pfBlockerTBG_PrimaryThreats: Cannot allocate memory pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [17]: table <pfblockerbluetack_level1> persist file "/var/db/aliastables/pfBlockerBluetack_level1.txt"
pfBlockerTBG_PrimaryThreats contains a total of 308,602 ranges. pfBlockerBluetack_level1 is also rather large at 231,056 ranges. I'm not seeing any significant memory constraints (<40% utilized, 0% swap), so I'm just not sure if it's actually that much demand, too many entries to handle, or an actual bug.
-
It's not a bug, you need to:
- Empty/disable your lists
- Increase Firewall Maximum Table Entries on System -> Advanced -> Firewall/NAT
- Re-enable pfBlocker lists
-
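To see the capacity problem before pfctl refuses the rules, here is an added shell example (not from the thread or the pfBlocker package) that reads the table-entries hard limit from `pfctl -sm` style output and sums the entries in the alias table files under /var/db/aliastables; the pfctl output shown is a constructed copy and the list sizes are the ones reported above, so the script runs offline.

```shell
#!/bin/sh
# Constructed copy of `pfctl -sm` output, embedded so the script runs offline.
# On a live pfSense/FreeBSD box you would pass "$(pfctl -sm)" instead.
SAMPLE_PFCTL_SM='states        hard limit   10000
src-nodes     hard limit   10000
frags         hard limit    5000
table-entries hard limit  200000'

# Print the table-entries hard limit found in `pfctl -sm` style output.
table_entry_limit() {
    printf '%s\n' "$1" | awk '$1 == "table-entries" { print $NF }'
}

# Count non-blank, non-comment lines across the alias table files that the
# generated rules load with "persist file"; one line is one table entry.
count_alias_entries() {
    cat "$1"/*.txt 2>/dev/null | awk '!/^[[:space:]]*(#|$)/ { n++ } END { print n + 0 }'
}

# Return 0 when every list fits under the limit, 1 when the tables need more
# entries than pf will allocate (the "Cannot allocate memory" failure above).
check_table_capacity() {
    _dir=$1; _limit=$2
    _used=$(count_alias_entries "$_dir")
    if [ "$_used" -gt "$_limit" ]; then
        echo "need $_used table entries, limit is $_limit: raise Firewall Maximum Table Entries" >&2
        return 1
    fi
    echo "need $_used table entries, limit is $_limit: OK"
}

# Write N constructed /24 networks to a file, standing in for a pfBlocker list
# (the addresses repeat; only the line count matters for this check).
make_list() {
    awk -v n="$2" 'BEGIN { for (i = 0; i < n; i++) printf "10.%d.%d.0/24\n", int(i / 256) % 256, i % 256 }' > "$1"
}

# Reproduce the sizes from the thread: 308,602 + 231,056 entries against the
# 200,000 default, which is why pfctl refused to define the tables.
demo_from_thread() {
    _tmp=$(mktemp -d)
    make_list "$_tmp/pfBlockerTBG_PrimaryThreats.txt" 308602
    make_list "$_tmp/pfBlockerBluetack_level1.txt" 231056
    check_table_capacity "$_tmp" "$(table_entry_limit "$SAMPLE_PFCTL_SM")"
    _rc=$?
    rm -rf "$_tmp"
    return $_rc
}

# On pfSense: check_table_capacity /var/db/aliastables "$(table_entry_limit "$(pfctl -sm)")"
```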
-
It's not a bug, you need to:
- Empty/disable your lists
- Increase Firewall Maximum Table Entries on System -> Advanced -> Firewall/NAT
- Re-enable pfBlocker lists
Yep, there it was... config defaulted to 200K and I didn't even notice it.
There is a bug, though. After deleting lists, the table isn't being updated correctly. Reproducing is pretty easy, but iffy - add 5 lists, delete the 3rd. Aliases update correctly, but file table does not - instead it acts as though list 5 was deleted instead of list 3. Only happens sometimes though.
-