crash reported when adding FW alias
-
Hi all,
I was trying to add a single alias containing 3 subnets:
64.62.128.0/17
66.160.128.0/18
66.160.192.0/20which is 53k addresses in total.
The mini guide kind of warned me:
An IP range such as 192.168.1.1-192.168.1.10 or a small subnet such as 192.168.1.16/28 may also be entered and a list of individual IP addresses will be generated.
The alias wasn't created and after chilling several seconds of blackout I got this:
Crash report begins. Anonymous machine information: arm 11.2-RELEASE-p4 FreeBSD 11.2-RELEASE-p4 #3 a48f4444b47(factory-RELENG_2_4_4): Thu Nov 29 14:07:24 EST 2018 root@buildbot2.nyi.netgate.com:/build/factory-crossbuild-244/obj/armv6/tDULKC6G/arm.armv6/build/factory-crossbuild-244/pfSense/tmp/FreeBSD-src/sys/pfSense-SG-31 Crash report details: PHP Errors: [10-Dec-2019 14:38:15 Europe/London] PHP Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 19863424 bytes) in /usr/local/www/csrf/csrf-magic.php on line 149 No FreeBSD crash data found.
Thankfully the firewall didn't crash or rebooted, just rejected the request saving me a 50 mile trip to the datacenter.
I think it would be good if some kind of a check is performed prior to the crash.
It might be hard to precisely define how small a "small" subnet is supposed to be which appears to be relative to the amount of memory.
Thanks,
Adam -
I guess, you're running out the "Firewall Maximum Table Entries".
If you have enough memory you can enlarge the value in System > Advanced > Firewall & NAT. -
Set Type to Network, not Host. Then using CIDR notation is just the three entries you listed.