/var/db/captiveportaldn.rules more than 64500?

  • I have an issue with a pfSense server and I have had it for a very long time.  Every so often my /var/db/captiveportaldn.rules fills up.  Several years ago it would happen about once every 6 months, but now it is down to about once a month.  I know I can shut down my captive portal, remove the /var/db/captiveportaldn.rules and then restart the captive portal, but this never really works for me that well.  90% of the time the /var/db/captiveportaldn.rules fills up in the daytime, and if I do the cleanup and restart the captive portal there is so much load on the httpdlight that the web service dies.  If I restart the captive portal at night there is no issue.  I normally have 3000+ users on during the day.

    My question is: can I change that 64500 to something else, and is there any real limit on what it can be?

    pfSense version currently in use: 2.3.1-RELEASE
    Hardware: Dell PowerEdge 1950
    CPU: Intel(R) Xeon(R) CPU 5160 @ 3.00GHz
    RAM: 4G
    NIC: 1 integrated and 2 x Intel 1G NIC cards.

  • Hi,

    Check out this page: https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting
    Execute the commands listed and see the firewall rule numbers that ipfw is using.
    The "64500" is a limit; you can't go (much) above it.

    Also note that "/var/db/captiveportaldn.rules" cannot grow indefinitely. I guess it is about 700 K when it starts, and depending on the length of the name(s) of your captive portal zone(s) it might double, maybe triple.

    You can 'read' this file to understand its structure. It's a serialized PHP array.

    The nasty thing:
    Every time a user connects and passes through (== authorized), "pass" rules are injected into the firewall (ipfw) AND the rule set (two: "the numbers" and the "portal zone name") is injected into this array (which becomes a file called /var/db/captiveportaldn.rules on disk).
    When the connection times out, the firewall rule is removed, and the corresponding entry in the array is set to false (something like "").

    All this reading and writing (updating) of this 1 (2, 3?) MB file happens when users log in AND when they are being thrown off the portal.

    function captiveportal_free_dnrules($rulenos_start = 2000, $rulenos_range_max = 64500) {

    Just one question: can your system keep up with it?
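An added diagnostic for the array described above (example code, not pfSense's own): it unserializes /var/db/captiveportaldn.rules and reports how much of the 2000..64500 rule-number range is allocated, and to which zone, so exhaustion can be seen coming before the file "fills up" during the day. The layout it assumes (index = ipfw rule number, value = zone name while allocated, false once freed, two numbers per client) follows this reply; cp_dn_usage and the sample data are constructed for the example, and it needs PHP 7 or later.

```php
<?php
// Added example (not pfSense code): reads the serialized PHP array that pfSense keeps in
// /var/db/captiveportaldn.rules and reports how much of the 2000..64500 ipfw rule-number
// range is used. Assumed layout: index = rule number, value = zone name while allocated,
// false/"" once freed; numbers are handed out in pairs (two consecutive indexes per client).
const RULENOS_START = 2000;       // same defaults as captiveportal_free_dnrules()
const RULENOS_RANGE_MAX = 64500;

function cp_dn_usage(array $rules, int $start = RULENOS_START, int $max = RULENOS_RANGE_MAX): array {
    $perZone = [];
    $used = 0;
    $highest = 0;
    for ($i = $start; $i < $max; $i++) {
        if (!empty($rules[$i])) {          // false, "" and a missing index all count as free
            $used++;
            $highest = $i;
            $zone = (string) $rules[$i];
            $perZone[$zone] = ($perZone[$zone] ?? 0) + 1;
        }
    }
    $total = $max - $start;
    return [
        'used_numbers'     => $used,
        'free_numbers'     => $total - $used,
        'clients_approx'   => intdiv($used, 2),   // two rule numbers per client
        'highest_used'     => $highest,
        'percent_used'     => round(100 * $used / $total, 1),
        'per_zone_numbers' => $perZone,
    ];
}

$path = $argv[1] ?? '/var/db/captiveportaldn.rules';
if (is_readable($path)) {
    $rules = unserialize(file_get_contents($path), ['allowed_classes' => false]);
} else {
    // Constructed sample: three "guest" clients, one "staff" client, pair 2004/2005 freed.
    fwrite(STDERR, "$path not readable, using constructed sample data\n");
    $rules = array_pad([], RULENOS_RANGE_MAX, false);
    foreach ([2000, 2001, 2002, 2003, 2006, 2007] as $n) { $rules[$n] = 'guest'; }
    $rules[2008] = $rules[2009] = 'staff';
}
if (!is_array($rules)) { fwrite(STDERR, "could not unserialize $path\n"); exit(1); }

$u = cp_dn_usage($rules);
printf("used %d of %d rule numbers (%.1f%%), ~%d clients, highest rule no. %d\n",
    $u['used_numbers'], RULENOS_RANGE_MAX - RULENOS_START, $u['percent_used'],
    $u['clients_approx'], $u['highest_used']);
foreach ($u['per_zone_numbers'] as $zone => $n) { printf("  zone %-12s %d numbers\n", $zone, $n); }
if ($u['percent_used'] > 90) { echo "WARNING: rule-number range nearly exhausted\n"; exit(2); }
```

Run it from cron with the real path and alert on exit status 2; a used count that keeps climbing while the client count stays flat points at entries that are never freed, which is what makes the file "fill up".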
