Allowed memory size exhausted
-
@waterstorm said in Allowed memory size exhausted:
Any idea why it starts growing the config file in one day this quickly?
No-one can do that. We have no access to your files.
You'll be needing text editor like Notepad++ - when installed, activate the Compare plugin.
You'll be needing a SFTP client (FileZilla will do).Now, compare two version of the config.xml - these are just text files.
-
@Gertjan sure
The <filter> part seems to be the issue.
In the "small" config it's from line 293 - 1327
While in the current version of the config the <filter> part is lines 298 - 1387151Some of the entries in the current config (if I search for a description) seem to be in the config 2048 times while they are only once in the small config.
Any specifics I should look out for? Any idea why the filter part blew up that quickly and got somehow replicated in the config (at least it looks like it)?
Thanks!
-
Are you running pfBlocker with auto rule re-ordering enabled?
We have seen that a few times though I'm not sure we found what triggers it:
https://redmine.pfsense.org/issues/8811Steve
-
Yes I'm running pfBlockerNG.
I was just checking the history and it is indeed created by pfBlockerNG. Thanks for pointing me in the right direction.This is interesting, because I have pfBlockerNG running forever and never had problems. However I did change something in pfBlockerNG lately. I needed whitelisting and therefore changed the "Rule Order" setting.
I just changed it back to the default to see if it fixes the issue. This was basically the only thing I changed in the settings of pfBlockerNG in the last year(s).
I'll report back if it fixes things. Thanks again. -
Yes, that's probably the cause. You will need to remove all the duplicated rules or role back the config to before that change.
As @BBcan177 (the author of pfBlocker-ng) said in that bug report try the development version of the pfBlocker package if you can and report back.
Steve
-
@stephenw10 Thank you!
I upgraded to the latest pfBlocker-ng-devel as recommended, so far everything works perfectly fine!
-
I just encountered this on a netgate device, SG-1100 which has only 1GB of RAM. I am troubleshooting now, but after uninstall of pfBlockerNG the device would not boot. I have removed the device from the route in order to debug more. Planning on doing a factory reset, which I assume will let it boot.
-
If you are able to reach the console menu and reset to factory defaults it will remove any spurious config, yes.
If you're able to reach single user mode you can mount the file system
mount -a
then copy the default config from/conf.default/config.xml
to/conf/config.xml
then reboot into it.Steve
-
The netgate device will not boot to any point where I can connect via LAN. the "console" port is a microUSB and does not work either. USB not recognized by systems. I will have to RMA the device.
-
Yes if you're unable to connect to the console port please open a ticket with us here: https://go.netgate.com
Steve
-
I went into the files described and increased the memory with an editor, saved the changes and resolved my memory issue. Good Stuff here. Thanks
-
-
-
-
-
-
-
-