Gazillion rules created, not sure which package is to blame

Firewalling
Log in to reply
  • D

    Some months ago, I ran into a problem where the web GUI was really slow and usually just timed out.  Netgate support (help much appreciated) discovered that my config file had 6,600 rules in it. I didn't have suitable backups at the time (sigh) so just blew the entire drive away, installed latest version of pfsense and manually created all the rules I needed (essentially about 20 or so).

    All was fine until I decided to add in the PFBlocker and SNORT packages (which were both installed when I was having the problem). Immediately after doing these installs, the webGUI started to fail just like last time. However, this time, I had taken a backup just before installing those packages and I was able to revert back to just before those installs.

    So my question is, does anyone know which of those two packages is to blame for this problem and how I could continue to use them without running into the problem again?

    Many thanks,

    D

    0
  • bmeeks

    @dhjdhj:

    Some months ago, I ran into a problem where the web GUI was really slow and usually just timed out.  Netgate support (help much appreciated) discovered that my config file had 6,600 rules in it. I didn't have suitable backups at the time (sigh) so just blew the entire drive away, installed latest version of pfsense and manually created all the rules I needed (essentially about 20 or so).

    All was fine until I decided to add in the PFBlocker and SNORT packages (which were both installed when I was having the problem). Immediately after doing these installs, the webGUI started to fail just like last time. However, this time, I had taken a backup just before installing those packages and I was able to revert back to just before those installs.

    So my question is, does anyone know which of those two packages is to blame for this problem and how I could continue to use them without running into the problem again?

    Many thanks,

    D

    Your problem is not Snort.  It never creates any firewall rules.  It simply adds IP addresses to a pre-existing pf table called snort2c.  There is a single built-in rule that references that table for blocks.  So there is no way Snort can cause your problem as it does not create any rules of its own.

    pfBlocker does create firewall rules, though.  So it is possible it is the culprit.

    Bill

    0
  • B

    @bmeeks:

    pfBlocker does create firewall rules, though.  So it is possible it is the culprit.

    If pfBlocker is the reason for the rules, there might be a misconfiguration, since normally it only adds up to ~10 rules for every inbound nic and one rule for every blocklist-alias for every outbound nic.

    what is your pfB-configuration?

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2021 Rubicon Communications, LLC | Privacy Policy