Netgate Discussion Forum
    Gazillion rules created, not sure which package is to blame

    Firewalling
    • dhjdhj

      Some months ago, I ran into a problem where the web GUI was really slow and usually just timed out. Netgate support (help much appreciated) discovered that my config file had 6,600 rules in it. I didn't have suitable backups at the time (sigh), so I just blew the entire drive away, installed the latest version of pfSense and manually created all the rules I needed (essentially about 20 or so).

      All was fine until I decided to add the pfBlocker and Snort packages (which were both installed when I was having the problem). Immediately after doing these installs, the webGUI started to fail just like last time. However, this time I had taken a backup just before installing those packages and was able to revert to just before those installs.

      So my question is, does anyone know which of those two packages is to blame for this problem and how I could continue to use them without running into the problem again?

      Many thanks,

      D

      • bmeeks

        @dhjdhj:

        So my question is, does anyone know which of those two packages is to blame for this problem and how I could continue to use them without running into the problem again?

        Your problem is not Snort. It never creates any firewall rules. It simply adds IP addresses to a pre-existing pf table called snort2c. There is a single built-in rule that references that table for blocks. So there is no way Snort can cause your problem, as it does not create any rules of its own.

        pfBlocker does create firewall rules, though.  So it is possible it is the culprit.

        Bill

        • Birke

          @bmeeks:

          pfBlocker does create firewall rules, though.  So it is possible it is the culprit.

          If pfBlocker is the reason for the rules, there might be a misconfiguration, since normally it only adds up to ~10 rules for every inbound nic and one rule for every blocklist-alias for every outbound nic.

          What is your pfB configuration?

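The two replies above make a testable claim: Snort adds no rules of its own, while pfBlocker's auto-rules should number roughly ten per inbound interface plus one per blocklist alias per outbound interface. The script below is an added example (not code from the thread or from either package) that parses a pfSense config.xml, counts the filter rules per interface, and attributes them to pfBlockerNG or to "manual/other" by description. It assumes pfBlockerNG prefixes its auto-rule descriptions with "pfB_"; the embedded XML is a constructed sample, not a real config, and the 500-rule threshold is an arbitrary sanity limit.

```python
"""Count pfSense filter rules and attribute them to the package that likely
created them. Added example; not from the forum thread or from pfBlockerNG.

Assumptions (labelled, not confirmed by the thread):
  * pfBlockerNG auto-rules carry a <descr> starting with "pfB_".
  * Rules without that prefix are treated as manual/other.
"""
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample: a stripped-down <filter> section, not a real config.xml.
SAMPLE_CONFIG = """<?xml version="1.0"?>
<pfsense>
  <filter>
    <rule><type>pass</type><interface>lan</interface><descr>Default allow LAN to any</descr></rule>
    <rule><type>block</type><interface>wan</interface><descr>pfB_PRI1_v4 auto rule</descr></rule>
    <rule><type>block</type><interface>wan</interface><descr>pfB_TOR_v4 auto rule</descr></rule>
    <rule><type>pass</type><interface>wan</interface><descr>Allow VPN</descr></rule>
    <rule><type>block</type><interface>lan</interface><descr>pfB_Permit_v4 auto rule</descr></rule>
  </filter>
</pfsense>
"""

PFB_PREFIX = "pfB_"  # assumed pfBlockerNG description prefix


def rule_summary(config_xml: str) -> dict:
    """Return total rule count, count per interface, and count per likely source."""
    root = ET.fromstring(config_xml)
    rules = root.findall("./filter/rule")
    by_iface: Counter = Counter()
    by_source: Counter = Counter()
    for rule in rules:
        # Floating rules may have no <interface>; bucket them explicitly.
        iface = (rule.findtext("interface") or "").strip() or "(floating/none)"
        descr = (rule.findtext("descr") or "").strip()
        by_iface[iface] += 1
        source = "pfBlockerNG" if descr.startswith(PFB_PREFIX) else "manual/other"
        by_source[source] += 1
    return {
        "total": len(rules),
        "by_interface": dict(by_iface),
        "by_source": dict(by_source),
    }


def looks_runaway(summary: dict, threshold: int = 500) -> bool:
    """Flag a rule set far larger than a hand-built ~20-rule config should be."""
    return summary["total"] > threshold


if __name__ == "__main__":
    # Replace SAMPLE_CONFIG with open("/cf/conf/config.xml").read() on a firewall.
    summary = rule_summary(SAMPLE_CONFIG)
    for key, value in summary.items():
        print(f"{key}: {value}")
    if looks_runaway(summary):
        print("WARNING: rule count far exceeds a hand-built config")
```

On the firewall itself, the loaded rule set can be cross-checked with `pfctl -sr | wc -l`, and Snort's blocking table inspected with `pfctl -t snort2c -T show`: a large snort2c table with a small rule count is consistent with bmeeks's point that Snort populates a table rather than creating rules.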
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.