This problem is driving me nuts! Please help.
-
Can somebody help me sort this out? I'm using an SG-1100.
There were error(s) loading the rules: /tmp/rules.debug:26: cannot define table pfB_Top_v4: Cannot allocate memory - The line in question reads [26]: table <pfB_Top_v4> persist file "/var/db/aliastables/pfB_Top_v4.txt"
-
Go to System->Advanced->Firewall & NAT
Increase the firewall_max_table_entries to something large. You can set it very large if you have a ton of big aliases.
If you have upgraded to 2.4.5 be aware that large numbers of table entries will cause significant issues with latency and packet loss whenever the filters are reloaded or with any activity that runs pfctl.
-
@jwj
I've tried this multiple times and it still throws this.
-
@mike3y Go bigger. You will have to reboot after making the change.
You could also open a ticket. You're on Netgate HW. They will get you straight.
-
@jwj Okay I've rebooted and will keep an eye on it.
-
You can go to Status->Filter Reload and reload the filters. If it doesn't throw an error you should be good. The only way it would come back is if one of those lists grows so that the total number of items in all of your tables exceeds the value you set.
-
@jwj said in This problem is driving me nuts! Please help.:
You can go to Status->Filter Reload and reload the filters. If it doesn't throw an error you should be good. The only way it would come back is if one of those lists grows so that the total number of items in all of your tables exceeds the value you set.
It’s back again throwing these errors.. very frustrating!
-
@mike3y You can increase Firewall Maximum Table Entries to a very large value without risk. I set mine to 20000000. There are no ill effects to doing that.
If you want to be precise about this you should set it to twice the total number of items in tables + some amount to account for changes. So if you go to Diagnostics->Tables and add up the items in all the tables (roughly) times two plus a fudge factor (say 200000) you should be good to go.
Reboot and then see what happens. If you get an error please post a screenshot of the error.
-
"Cannot allocate memory" on 2.4.5 does not mean you don't have enough table entries. On 2.4.5 that error will be "Too many elements" if you need to increase the table entries limit.
"Cannot allocate memory" is likely just what it says, it ran out of kernel memory trying to load the table. Usually this is only temporary and will resolve itself in the next filter reload. See https://redmine.pfsense.org/issues/10310 for more info.