Getting this on one box since upgrade to 2.4.3-RELEASE several times daily



  • Getting this on one box since upgrade to 2.4.3-RELEASE several times daily-

    There were error(s) loading the rules: /tmp/rules.debug:21: cannot define table negate_networks: Cannot allocate memory - The line in question reads [21]: table <negate_networks> { 172.31.125.0/24 10.10.1.12/30 192.168.12.0/24 10.12.2.0/30 172.19.1.0/25 172.29.10.0/30 172.29.10.8/30 172.28.10.0/30 172.28.10.8/30 10.12.2.8/30 }

    These addresses are all associated with a couple of OpenVPN connections into this box..

    Any ideas?  :o    This box has 4GB RAM.  And plenty of swap space..



  • Tried this 2.4.3 upgrade and rules applying not working and other solutions mentioned over there?



  • @chpalmer:

    Getting this on one box since upgrade to 2.4.3-RELEASE several times daily-

    There were error(s) loading the rules: /tmp/rules.debug:21: cannot define table negate_networks: Cannot allocate memory - The line in question reads [21]: table <negate_networks> { 172.31.125.0/24 10.10.1.12/30 192.168.12.0/24 10.12.2.0/30 172.19.1.0/25 172.29.10.0/30 172.29.10.8/30 172.28.10.0/30 172.28.10.8/30 10.12.2.8/30 }

    These addresses are all associated with a couple of OpenVPN connections into this box..

    Any ideas?  :o    This box has 4GB RAM.  And plenty of swap space..

    Upgraded about a dozen of my boxes to 2.4.3 this week and had several with this issue. I can't remember but it seems like all our CARP setups gave this error after upgrade. We were only using about 2% of the state table but after bumping up the Firewall Maximum States this issue went away. You can go to System --> Advanced --> Firewall & NAT and change the value of Firewall Maximum States to a higher value. I doubled mine which is currently set to:  1626000

    Take a look at the system default size and double it. Hope this helps.



  • Thanks guys!

    When I turned IPv6 off on the interfaces the errors stopped..  ISP is having issues with IPv6 so we are disabling for now. I'll update if the errors start again when turned back on..

