Netgate Discussion Forum

    There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table bogonsv6: too many elements.

    2.5 Development Snapshots (Retired)
    • louis2

      Hi,

      The problem(s) described may be related to updating. During the past two updates I got a message saying something like "update failed". However, since, despite that message, everything seemed to work, I did not pay further attention.

      However that changed today. Issue far too serious!

      So today I installed the pfSense snapshot from scratch (formatted the disk). That solved the problem (I think). No bogon warning, no security warnings in the log.

      I have been thinking ..... just an idea, nothing more(!) .... that the updates do not clear the bogon table ..... just add new rules ..... that might!! be the case, perhaps! ... then ...

      Louis

      • w0w @louis2

        @louis2 said in There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table bogonsv6: too many elements.:

        112.85.42.229

        This looks like an abused IP from China. The main question is... do you have the SSH port open to the world?

        • louis2 @w0w

          @w0w

          The moment I saw those messages, I realized that I had a serious security issue.

          So I decided to reinstall "immediately".

          Something was terribly wrong with the system, for some unknown (upgrade) reason.

          To answer your question, no, I did not open the SSH port!
          So the only conclusion can be that the FW was not working correctly!

          Of course they still had to guess my password etc., but nevertheless "far from OK".

          Louis

          • amiah

            FYI I had the same error with no internet, and had to go to INTERFACES and disable Block bogon network. I hope the next update can fix this issue.

            • abuttino

              I have lost all LAN to WAN communication. Suggestions?

              • w0w @w0w

                @abuttino

                @w0w said in There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table bogonsv6: too many elements.:

                create system tunable named net.pf.request_maxcount
                in System/Advanced/System Tunables and put 2000000 as value.

                and REBOOT the firewall!

                1 Reply Last reply Reply Quote 1
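The tunable discussed above caps how many elements pf accepts in one table request, so a list file with more entries than that value cannot be loaded. The following is an added example, not part of any post in this thread: a POSIX sh pre-check that counts the entries in a table source file and compares the count with a limit. The function names and the sample file are constructed for illustration, and the comparison assumes a table fails to load only when its entry count exceeds the limit.

```shell
#!/bin/sh
# Added example (not from the thread): check whether pf table source files
# fit under a per-request element limit such as net.pf.request_maxcount.

# count_entries FILE: number of address entries, ignoring blanks and '#' comments.
count_entries() {
    awk '{ sub(/#.*/, "") } NF { n++ } END { print n + 0 }' "$1"
}

# check_table LIMIT FILE: print a verdict; return 0 if the table fits, 1 if not.
check_table() {
    n=$(count_entries "$2") || return 2
    if [ "$n" -gt "$1" ]; then
        echo "OVERFLOW $2 entries=$n limit=$1"
        return 1
    fi
    echo "OK $2 entries=$n limit=$1"
}

# check_tables LIMIT FILE...: check each file; non-zero if any would overflow.
check_tables() {
    limit=$1; shift
    rc=0
    for f in "$@"; do
        check_table "$limit" "$f" || rc=1
    done
    return "$rc"
}

# write_sample FILE: constructed sample list (documentation prefixes, not bogon data).
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, 4 entries
2001:db8::/32
2001:db8:1::/48

2001:db8:2::/48   # trailing comment
2001:db8:3::/48
EOF
}

# Demo on the constructed sample. On a firewall the limit would come from
#   sysctl -n net.pf.request_maxcount
# and FILE would be the list the table is loaded from (path not given in the thread).
sample=$(mktemp) && write_sample "$sample"
check_tables 3 "$sample" || true   # limit below the entry count
check_tables 4 "$sample" || true   # limit equal to the entry count
rm -f "$sample"
```

Running the check before enabling bogon blocking, and again after each list update, shows whether the next ruleset reload will fail instead of finding out from a firewall that no longer passes traffic.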
                • abuttino

                  @w0w Thanks!

                  • louis2

                    For two reasons that is IMHO not a good solution:

                    • At least for me a clean install solved the problem, so there seems to be a different problem
                    • if (!!) the table is really too small, then Netgate should change the table size. So then your action is only a temporary solution.

                    My advice is to save your config and to do a clean install based on the actual snapshot.

                    Louis

                    • w0w @louis2

                      @louis2
                      Did you really read that?
                      https://redmine.pfsense.org/issues/10861
                      This is the clean installation from the latest ISO, nothing has been changed or imported:
                      VirtualBox_pfSense-244 testing bug_17_09_2020_06_29_32.png

                      The problem is not solved even on a clean install. You will not receive this error until the pf bogonsv6 table is full.

                      • louis2

                        Yep, the table is too small; it should be at least 200000, however:

                        There is another problem as well!!

                        • after a fresh install ...... the bogon tables are not loaded automatically!! Oops!!
                        • and I also noticed an error "Bogons V6 file downloaded: pfctl: Invalid argument."
                        • you can have big questions about rule tables as big as 114000 rules. I did not test, but it is probably dramatically affecting performance!!

                        I also wonder why this is still not fixed!!!

                        IPv6 is not in every regard a blessing 😥

                        Louis

                        • w0w @louis2

                          @louis2
                          If I got it right this time, it's on the FreeBSD 12.2-PRERELEASE side, not pfSense directly. Looks like not everyone have been noticed that base system is changed 🤗

                          • louis2

                            Thanks!

                            I checked; pfSense is on 12.2 now. I think Jim should have communicated that.

                            Not relevant for everyone, but for me and others that is important to know.

                            Louis

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.