URL Aliases causing system (or rather network) downtime

  • Been troubleshooting and recovering from downtime this morning.

    In GUI I had some 600 (!) errors stating stuff like:

    There were error(s) loading the rules: /tmp/rules.debug:65: cannot define table IP_CINSscore_badguys_list: Cannot allocate memory - The line in question reads [65]: table <IP_CINSscore_badguys_list> persist file "/var/db/aliastables/IP_CINSscore_badguys_list.txt"

    Nothing behind pfS could surf through to the Internet. Traffic from outside seemed also to be blocked.
    However, from the fw itself, I could use both hostnames and IPs, in outbound pings for instance.
    This is probably due to the fact that they do not enter on any interface but produce the traffic from within the system itself and hence do not trigger the fw rules that are set up.

    I'm guessing that this URL: http://cinsscore.com/list/ci-badguys.txt

    for some reason made the alias that it fills with IPs incorrect. That alias is used in one of a number of floating rules that exist in the system and block anything emanating from or going to IPs on those lists.

    I guess that somehow shit went in that alias to make it always hit and hence block all traffic.

    I did a reboot and it seems that cleared what was to clear.

    Similar experiences are reported, this one seems quite similar, at least when it comes to the error msg:

    So, downtime is bad, users get annoyed. Anything I could do to lessen the impact for the future? What kind of error checks are done?
    How often are the aliases re-filled?

    CORRECTION, during the last 20 min I have gotten 2 new errors like above in GUI.

    I do have a vague recollection of perhaps some time in the past changing a mem value somewhere, but I don't remember exactly where that was.

    This system is on: 2.3.4-RELEASE (i386)



