Netgate Discussion Forum
    [SOLVED] 2.4.3 - /rc.filter_configure_sync: cannot define table bogonsv6

    52 Posts 22 Posters 21.0k Views
    • ?
      A Former User
      last edited by

      Is there a way to see how many of these Firewall Entries we are using, even if we're not getting the error?
      If I'm flying close to the sun I'd like to fix it before it's a problem.

      Thanks

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        pfctl -vvsT | grep Addresses will get you close.

        Note that reloading the tables requires double the space so if that total is getting close to half the defined table maximum you will want to increase it.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • J
          JohnnyBeGood
          last edited by

          Thanks guys for posting the solution!
          In my case I just did the upgrade and, since I have email notifications enabled, got the email below:

          
          Notifications in this message: 1
          ================================
          
          15:15:49 There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [19]: table <bogonsv6> persist file "/etc/bogonsv6"
          

          Increased to 500k and I'm hoping I won't be getting more errors, although after getting it for the first time I rebooted and did not get that error.

          I like to fill my tub up with water, then turn the shower on and act like I'm in a submarine that's been hit!

          1 Reply Last reply Reply Quote 0
          • cybrnookC
            cybrnook
            last edited by

            I did a filter reload as well after changing to 400k. Just to make sure all rules were loaded properly.

            1 Reply Last reply Reply Quote 0
            • R
              rkillcrazy
              last edited by

              @cybrnook:

              I did a filter reload as well after changing to 400k. Just to make sure all rules were loaded properly.

              Care to share with others the steps you took to accomplish this?

              1 Reply Last reply Reply Quote 0
              • cybrnookC
                cybrnook
                last edited by

                @rkillcrazy:

                @cybrnook:

                I did a filter reload as well after changing to 400k. Just to make sure all rules were loaded properly.

                Care to share with others the steps you took to accomplish this?

                Sure

                System > Advanced > Firewall & NAT > Firewall Maximum Table Entries > 400000
                Status > Filter Reload > Reload Filter

                1 Reply Last reply Reply Quote 0
                • C
                  corvey
                  last edited by

                  Fresh install of pfSense 2.4.3  introduces these errors while configuring my interfaces for the first time:

                  ----------------------------------------------------------------------------------
                      There were error(s) loading the rules: /tmp/rules.debug:18: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [18]: table <bogonsv6> persist file "/etc/bogonsv6"
                      @ 2018-04-03 13:46:06
                      There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [19]: table <bogonsv6> persist file "/etc/bogonsv6"
                      @ 2018-04-03 13:47:12
                      There were error(s) loading the rules: /tmp/rules.debug:20: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [20]: table <bogonsv6> persist file "/etc/bogonsv6"
                      @ 2018-04-03 13:48:04
                      There were error(s) loading the rules: /tmp/rules.debug:20: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [20]: table <bogonsv6> persist file "/etc/bogonsv6"
                      @ 2018-04-03 13:49:17
                      There were error(s) loading the rules: /tmp/rules.debug:21: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [21]: table <bogonsv6> persist file "/etc/bogonsv6"
                      @ 2018-04-03 13:49:36
                      There were error(s) loading the rules: /tmp/rules.debug:21: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [21]: table <bogonsv6> persist file "/etc/bogonsv6"
                      @ 2018-04-03 13:49:37
                      There were error(s) loading the rules: /tmp/rules.debug:21: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [21]: table <bogonsv6> persist file "/etc/bogonsv6"
                      @ 2018-04-03 13:49:40
                      There were error(s) loading the rules: /tmp/rules.debug:22: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [22]: table <bogonsv6> persist file "/etc/bogonsv6"
                      @ 2018-04-03 13:50:22
                      There were error(s) loading the rules: /tmp/rules.debug:22: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [22]: table <bogonsv6> persist file "/etc/bogonsv6"
                      @ 2018-04-03 13:50:23
                      There were error(s) loading the rules: /tmp/rules.debug:22: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [22]: table <bogonsv6> persist file "/etc/bogonsv6"
                      @ 2018-04-03 13:50:26
                      There were error(s) loading the rules: /tmp/rules.debug:23: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [23]: table <bogonsv6> persist file "/etc/bogonsv6"
                      @ 2018-04-03 13:50:55
                      There were error(s) loading the rules: /tmp/rules.debug:23: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [23]: table <bogonsv6> persist file "/etc/bogonsv6"
                      @ 2018-04-03 13:50:56
                      There were error(s) loading the rules: /tmp/rules.debug:23: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [23]: table <bogonsv6> persist file "/etc/bogonsv6"
                      @ 2018-04-03 13:51:00
                      There were error(s) loading the rules: /tmp/rules.debug:24: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [24]: table <bogonsv6> persist file "/etc/bogonsv6"
                      @ 2018-04-03 13:51:37
                      There were error(s) loading the rules: /tmp/rules.debug:24: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [24]: table <bogonsv6> persist file "/etc/bogonsv6"
                      @ 2018-04-03 13:51:38
                  ----------------------------------------------------------------------------------

                  I'm guessing the final solution in this thread, increasing the Firewall Maximum Table Entries to 800000, will be enough to cure the problem for a while without any ill effects. This is a new error in this release I haven't encountered before.

                  pfSensational™

                  1 Reply Last reply Reply Quote 0
                  • cybrnookC
                    cybrnook
                    last edited by

                    400000 is more than enough for today. As we are right now, the bogon file and our firewall add up to about 95000 entries. When it reloads this table, it doubles in size before the old entries are dropped. Many of us just break the 200000 limit that is the default today: 95000*2 + whatever else, pushing us over the 200k limit.

                    The new default will be 400000 in the next release. I am using that value, and it works fine, giving you about an additional 100000 buffer (since it's X * 2 = Y, a 200000 bogon list, for example, would burp to 400000 on reload, but it's only at about 95000 now all-in, so you have 100000 to go, which is a lot).

                    People are also seeing it in 2.4.2+ as well, so not just a 2.4.3 thing. But pops up soon after the install/upgrade, triggering the error message.

                    1 Reply Last reply Reply Quote 0
                    • H
                      humps
                      last edited by

                      @cybrnook:

                      People are also seeing it in 2.4.2+ as well, so not just a 2.4.3 thing. But pops up soon after the install/upgrade, triggering the error message.

                      Yes, confirmed.
                      I'm running pfSense 2.4.2 (X64) and these errors showed up in my logs yesterday (April 2, 2018).
                      I haven't seen any since today, but I have upped my entries to 500000 to prevent a reoccurrence.

                      Regards

                      1 Reply Last reply Reply Quote 0
                      • cybrnookC
                        cybrnook
                        last edited by

                        I assume what's happening is the monthly cron job that downloads and installs the latest bogons file is slowly working its way through the community. So regardless of version, people will start popping in here one by one with the issue over the next ~25 - 30 days.

                        I assume what's likely happening on new installs (and likely upgrades), is that part of the post processing setup is to download the latest file, then schedule it to download again in 30 days time. That's why I think I am seeing it on fresh installs, right after initial setup wizard.

                        1 Reply Last reply Reply Quote 0
                        • K
                          karlfife
                          last edited by

                          April 3 2018 bogons:  100,001 rows

                          ipv6 bogon prefixes 95,997
                          ipv4 bogon prefixes 4004

                          bogon table size: 100,001 rows

                          If 2x are required to reload the table, then 200K seems slightly too small  ;)

                          I now notice that my 2.4.2 systems are choking the same way as my freshly updated 2.4.3 systems if I both update bogons and reload the filter.

                          1 Reply Last reply Reply Quote 0
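Added example (not part of any post in this thread): a small sh script that applies the check described above, summing the `Addresses:` counters from `pfctl -vvsT` and comparing twice that total against the `table-entries` limit reported by `pfctl -sm`. The function names and the embedded sample output are constructed for illustration; the sample counts are the bogon figures quoted in the post above.

```shell
#!/bin/sh
# Added example: estimate pf table headroom before a reload fails.
# On a firewall, feed the real commands in:
#   pfctl -vvsT | sum_table_addresses
#   pfctl -sm   | table_entries_limit

# Sum the "Addresses:" counter of every table read from stdin.
sum_table_addresses() {
    awk '$1 == "Addresses:" { total += $2 } END { print total + 0 }'
}

# Extract the table-entries hard limit from `pfctl -sm` output on stdin.
table_entries_limit() {
    awk '$1 == "table-entries" { print $NF }'
}

# table_headroom TOTAL LIMIT
# A reload holds the old and new copies at once, so it needs 2 * TOTAL.
# Returns 0 when the reload fits under LIMIT, 1 when it does not.
table_headroom() {
    needed=$(( $1 * 2 ))
    if [ "$needed" -gt "$2" ]; then
        echo "OVER: reload needs $needed entries, limit is $2"
        return 1
    fi
    echo "OK: reload needs $needed entries, limit is $2 ($(( $2 - needed )) spare)"
    return 0
}

# Constructed sample of `pfctl -vvsT` output (counts from the thread).
sample_tables() {
    cat <<'EOF'
-pa-r--	bogons
	Addresses:   4004
	Cleared:     Tue Apr  3 13:46:06 2018
-pa-r--	bogonsv6
	Addresses:   95997
	Cleared:     Tue Apr  3 13:46:06 2018
EOF
}

# Constructed sample of `pfctl -sm` output with the 200000 limit.
sample_limits() {
    cat <<'EOF'
states        hard limit   397000
src-nodes     hard limit   397000
frags         hard limit     5000
table-entries hard limit   200000
EOF
}

total=$(sample_tables | sum_table_addresses)
limit=$(sample_limits | table_entries_limit)
table_headroom "$total" "$limit" || true   # 200000: does not fit
table_headroom "$total" 400000             # 400000: fits
```

Run from cron or a monitoring check, the non-zero return of `table_headroom` gives an early warning before the filter reload starts failing.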
                          • V
                            vMAC
                            last edited by

                            New to pfSense and after installing 2.4.3 on a new install this popped up in my alerts.
                            Unfortunately until I resolved this issue none of my port forwards would work at all.

                            I bumped up the number of entries to 500,000 and my port forwards started working immediately.

                            This is just an FYI, for anyone else who is very new to pfSense, in case you can't get your port forwards to work.

                            1 Reply Last reply Reply Quote 0
                            • B
                              Bili_boy
                              last edited by

                              The thing I don't understand is why it was 200K for you by default in the first place. I'm still on 2.3.4 and my default for "Firewall Maximum Table Entries" is 2M. (2 000 000). Did they reduce the default on purpose ?

                              1 Reply Last reply Reply Quote 0
                              • cybrnookC
                                cybrnook
                                last edited by

                                Without going through the git revisions, I would say yes, that somewhere between your release and the 2.4 releases it got changed to two hundred thousand (200,000). If you look at the link in the OP for the bug ticket to get it fixed, the wording reads of changing the old default value of 200k to 400k. Letting you know that yes, 200k was the current default.

                                What I am also thinking is that maybe some add on packages, like pfblocker or snort etc., change this default value to a higher number based off the nature of what new rules they will likely need. This is purely speculative.

                                1 Reply Last reply Reply Quote 0
                                • J
                                  jdeloach
                                  last edited by

                                  @Bili_boy:

                                  The thing I don't understand is why it was 200K for you by default in the first place. I'm still on 2.3.4 and my default for "Firewall Maximum Table Entries" is 2M. (2 000 000). Did they reduce the default on purpose ?

                                  I've wondered the same thing.  I'm on 2.4.3 and the default for "Firewall Maximum Table Entries" is 2M (2,000,000) on my system.  I upgraded from 2.4.2 p1 but I don't remember what it was then and I don't remember ever changing it.  Not sure where all these people are getting that their system has 200K as default.

                                  1 Reply Last reply Reply Quote 0
                                  • cybrnookC
                                    cybrnook
                                    last edited by

                                    @jdeloach:

                                    @Bili_boy:

                                    The thing I don't understand is why it was 200K for you by default in the first place. I'm still on 2.3.4 and my default for "Firewall Maximum Table Entries" is 2M. (2 000 000). Did they reduce the default on purpose ?

                                    I've wondered the same thing.  I'm on 2.4.3 and the default for "Firewall Maximum Table Entries" is 2M (2,000,000) on my system.  I upgraded from 2.4.2 p1 but I don't remember what it was then and I don't remember ever changing it.  Not sure where all these people are getting that their system has 200K as default.

                                    what additional packages do you have installed?

                                    1 Reply Last reply Reply Quote 0
                                    • J
                                      jdeloach
                                      last edited by

                                      @cybrnook:

                                      @jdeloach:

                                      @Bili_boy:

                                      The thing I don't understand is why it was 200K for you by default in the first place. I'm still on 2.3.4 and my default for "Firewall Maximum Table Entries" is 2M. (2 000 000). Did they reduce the default on purpose ?

                                      I've wondered the same thing.  I'm on 2.4.3 and the default for "Firewall Maximum Table Entries" is 2M (2,000,000) on my system.  I upgraded from 2.4.2 p1 but I don't remember what it was then and I don't remember ever changing it.  Not sure where all these people are getting that their system has 200K as default.

                                      what additional packages do you have installed?

                                      I only have the APC UPS Daemon package installed.  Everything else is just the default install.  I don't have any of the other packages like PfBlockerNG, Squid or Squidguard installed.

                                      1 Reply Last reply Reply Quote 0
                                      • cybrnookC
                                        cybrnook
                                        last edited by

                                        @jdeloach:

                                        @cybrnook:

                                        @jdeloach:

                                        @Bili_boy:

                                        The thing I don't understand is why it was 200K for you by default in the first place. I'm still on 2.3.4 and my default for "Firewall Maximum Table Entries" is 2M. (2 000 000). Did they reduce the default on purpose ?

                                        I've wondered the same thing.  I'm on 2.4.3 and the default for "Firewall Maximum Table Entries" is 2M (2,000,000) on my system.  I upgraded from 2.4.2 p1 but I don't remember what it was then and I don't remember ever changing it.  Not sure where all these people are getting that their system has 200K as default.

                                        what additional packages do you have installed?

                                        I only have the APC UPS Daemon package installed.  Everything else is just the default install.  I don't have any of the other packages like PfBlockerNG, Squid or Squidguard installed.

                                        Interesting. My install was just a vanilla 2.4.3. As soon as the config wizard was done, the error was already there.

                                        1 Reply Last reply Reply Quote 0
                                        • K
                                          karlfife
                                          last edited by

                                          Am I losing my mind?

                                          I just updated another 2.4.2 system to 2.4.3, but noticed the new default is 400,000 entries whereas this thread started because the default was 200,000 entries just yesterday.  "Ah, they did a minor point-release and updated the default" I reasoned.

                                          However, when I went to the machines that I'd manually overridden from 200,000 to 400,000 I noticed that their defaults had also changed, even though they have not been updated (i.e. via point-release).  Huh?  Aren't the defaults hard-coded into the release?

                                          What I've seen here would be more consistent with the defaults being periodically fetched from somewhere.    Is that true?

                                          1 Reply Last reply Reply Quote 0
                                          • DerelictD
                                            Derelict LAYER 8 Netgate
                                            last edited by

                                            I haven't looked at the code but I think there is a logic problem in that "the system default is X." I think it just says whatever the field is set to instead of actually computing what the default would actually be.

                                            For instance, I didn't see this overrun on bogonsv6 because mine was set to 2,000,000 by something/someone/probablyme. It said "the default on this system is 2,000,000"


                                            1 Reply Last reply Reply Quote 0
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.