snort crash
-
@NogBadTheBad Is it just a protection to csrf? Can I fix the problem someways without disable it?
-
Oh ignore what I mentioned, just noticed I have that code too, but I don't see the crashes.
It's quite old code, thats what made me think it was something you'd installed.
-
@v0id :
Do you have any other packages installed such as Squid, pfBlockerNG, DNSBL, etc? That error indicates that something is chewing up all of the allocated PHP memory. If you have 4GB of RAM, you should not be swapping out to disk (swap memory).Lastly, what version of pfSense are you running? There were some changes made to the
csrf-magiccode over in the pfSense-2.5-DEVEL snapshot late last week. However, to my knowledge none of those were applied to RELEASE. -
@bmeeks Have installed just pfBlocker (TLD enabled) and snort in not blocking mode. Actually swapped out of disk and encrypted it, is it bad?
I'm running pfsense 2.4.4 stable
-
@v0id said in snort crash:
@bmeeks Have installed just pfBlocker (TLD enabled) and snort in not blocking mode. Actually swapped out of disk and encrypted it, is it bad?
I'm running pfsense 2.4.4 stable
What do you mean by "swapped out of disk and encrypted it, is it bad?"? That statement makes no sense to me. What did you swap out of the disk and what is encrypted?
Do you perhaps mean you swapped out the disk drive itself? But I still can't make sense out of the encrypted part.
-
This post is deleted! -
@bmeeks Meant I've extended swap space using space from root partition and after create the swap space used these commands for encrypt it
dd if=/dev/random of=/root/en.swap0 bs=1m count=64
mdconfig -a -t vnode -f /root/en.swap0
geom eli init md0
geli restore /var/backups/md0.eli md0Attach md0, enter:
geom eli attach md0Turn on encrpted swap file:
swapon /dev/md0.eli|| -
@v0id
There is no reason, in my view, to encrypt swap space.You also need to determine why memory usage is so high. Extending swap space is a band aid covering up the core problem.
-
@bmeeks Think the core problem is too many hosts in pfBlocker and TLD option activated. 4GB of ram should be not enough for 6 milion hosts
-
@v0id said in snort crash:
@bmeeks Think the core problem is too many hosts in pfBlocker and TLD option activated. 4GB of ram should be not enough for 6 milion hosts
That's one reason I'm not a fan of loading up tons of IP blocklists. It chews up a ton of CPU processing time and uses valuable RAM. There are more efficient ways to have a secure system in my opinion.
If you really want to run all this stuff on your firewall, then you need more horsepower (larger CPU and lots more RAM). Then you will need to customize the
php.inifile settings for maximum memory allocated to PHP processes. Just be aware that any change you make to that file will be automatically overwritten each time you update pfSense. Again, lots of trouble for not much gain in my view.If you want to block ads on your network, look at something like pi hole running on a virtual machine. Just let your firewall do its normal thing by blocking all unsolicited inbound traffic. But don't bog it down maintaining huge IP block lists. Just my humble $0.02 worth.
