Can this step compromise security?



  • Hi,

    I was getting these error messages

    https://paste2.org/J0nEaMPf

    So, I did

    system -> adv -> firewall -> Firewall Maximum Table Entries, change to 400000

    and it fixed the error messages.

    Since I have no idea what it means, please tell me if the above step can compromise security in any way.



  • Kindly confirm. Maybe there's no good reason, but still I am feeling a bit nervous.



  • No worries. You're fine.



  • @chpalmer:

    No worries. You're fine.

    That's a relief. Thanks.


  • Rebel Alliance Global Moderator

    To provide a bit more info.. BogonsV6 is huge and getting bigger ;)

    That setting lists the max number of entries in the tables. Tables are aliases you create, or stuff pfSense creates like the bogonV4 and V6 entries, or the other built-in ones like "this firewall".

    400k will be the new default on next release.
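As an added illustration of the setting described above (example code, not from this thread or from pfSense itself): the value in the GUI ends up as pf's table-entries limit, and the only way to know whether it is big enough is to compare it with what the tables actually hold. On a live firewall the limit comes from `pfctl -sm` and the per-table counts from `pfctl -s Tables` plus `pfctl -t <name> -T show`; the two SAMPLE_* strings below are constructed stand-ins for that output so the script runs offline, and `check_headroom` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: verify pf's table-entries limit against what is loaded.
# On a live pfSense box the inputs come from:
#   pfctl -sm                         (memory limits, incl. table-entries)
#   pfctl -s Tables                   (table names)
#   pfctl -t <table> -T show | wc -l  (entries per table)
# The two SAMPLE_* strings below are constructed stand-ins for that output.

SAMPLE_LIMITS='states        hard limit   798000
src-nodes     hard limit   798000
frags         hard limit     5000
table-entries hard limit   200000'

# "table-name entry-count" lines, as live_table_counts below would produce
# them on a real box; the numbers are made up for this example.
SAMPLE_TABLE_COUNTS='bogons 1500
bogonsv6 215000
snort2c 0
sshguard 0
virusprot 0'

# Print the table-entries hard limit from `pfctl -sm` output on stdin.
table_entries_limit() {
    awk '$1 == "table-entries" && $2 == "hard" { print $NF }'
}

# Sum the counts from "name count" lines on stdin.
total_table_entries() {
    awk '{ total += $2 } END { print total + 0 }'
}

# Succeed (exit 0) only if TOTAL fits under LIMIT. pf refuses to load a
# table that would push it past the limit, and the ruleset reload then
# fails, which is the situation this thread is about.
# Usage: check_headroom LIMIT TOTAL
check_headroom() {
    [ "$2" -lt "$1" ]
}

# Gather per-table counts on a real box (not run here; needs pfctl).
live_table_counts() {
    for t in $(pfctl -s Tables); do
        printf '%s %s\n' "$t" "$(pfctl -t "$t" -T show | wc -l | tr -d ' ')"
    done
}

main() {
    limit=$(printf '%s\n' "$SAMPLE_LIMITS" | table_entries_limit)
    total=$(printf '%s\n' "$SAMPLE_TABLE_COUNTS" | total_table_entries)
    printf 'table-entries limit: %s, entries loaded: %s\n' "$limit" "$total"
    if check_headroom "$limit" "$total"; then
        echo "OK: tables fit under the limit"
    else
        echo "PROBLEM: raise Firewall Maximum Table Entries above $total"
        echo "(pfSense writes it as 'set limit table-entries N' in /tmp/rules.debug)"
    fi
}

main
```

To use it on a real box, replace the two sample strings with `pfctl -sm` and the output of `live_table_counts`. The check is deliberately one-sided: a limit far above what you use costs nothing security-wise, since it is only a cap on how many addresses pf may hold in tables, while a limit below what the bogon or package tables need means those tables silently fail to load.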



  • @security_paranoid:

    @chpalmer:

    No worries. You're fine.

    That's a relief. Thanks.

    In my setting I have 2000000 on the "Firewall Maximum Tables Entries"


  • Rebel Alliance Global Moderator

    Yeah, that is the old default. Once your machine tries to update bogonV6 it is possible you could run into a problem. The issue is all over the forum.

    Here is the redmine for it
    https://redmine.pfsense.org/issues/8417

    You need to look again, it's not 2Mil, it's 200K.



  • @johnpoz:

    Yeah, that is the old default. Once your machine tries to update bogonV6 it is possible you could run into a problem. The issue is all over the forum.

    Here is the redmine for it
    https://redmine.pfsense.org/issues/8417

    You need to look again, it's not 2Mil, it's 200K.

    Hi,

    Wow, I didn't know about this. Haven't run into any error. But nice to know. Thanks :)




  • @johnpoz:

    Yeah, that is the old default. Once your machine tries to update bogonV6 it is possible you could run into a problem. The issue is all over the forum.

    Here is the redmine for it
    https://redmine.pfsense.org/issues/8417

    You need to look again, it's not 2Mil, it's 200K.

    @johnpoz, this value is indeed 2,000,000 on several users' machines running 2.4.3. It appears that this value gets changed from the old default of 200,000 depending on what packages one has installed (pfBlockerNG, Suricata, Snort, etc.) and how much memory one has installed in their pfSense machine. This has been reported and confirmed in several posts on this sub-forum. It may also depend on what the value was when the machine was upgraded from 2.4.2 p1.

    This value is also 2,000,000 on my pfSense firewall.  My firewall has 16G memory and pfBlockerNG and Suricata installed.

    Nonetheless, this value needs to be at least 400K minimum for version 2.4.3.


  • Rebel Alliance Global Moderator

    All valid points, jdeloach.

    Clean install 200k though is the default, from what I have seen and what my sg4860 had.

    If the value is 2mil, then they shouldn't have any problems. And yes, pfBlockerNG is going to need LOTS of table entries ;) So that for sure would have bumped the default.



  • I am just a newbie.

    What do you suggest I do? Keep the value 400000 or change it to something else?


  • Rebel Alliance Global Moderator

    400k should be more than enough unless you're doing some real crazy shit with tables like pfBlocker does.

    I really would suggest you leave it blank, since the default should be fine. If you have run into the bogon thing I would change it to 400k, which will be the new default, until such time as that is rolled out. I would then set it back to blank.

    If you are using any packages that need it to be higher, like pfBlocker, then they should make adjustments for that, etc.

    You really should not have to touch that setting, unless you're doing something specific that requires it. I would suggest this for pretty much all settings in pfSense: if you do not know what they do ;) then don't change them... no matter what guide you read on some idiot's guide about pfSense from 2012.

    You're pretty sure any advice here will be vetted by people that understand pfSense. Out on the net you get all kinds of nonsense sort of advice.

    What you really should do if you want to understand all the settings in pfSense is buy the book, or get gold so you have access to the book.



  • @johnpoz:

    400k should be more than enough unless you're doing some real crazy shit with tables like pfBlocker does.

    I really would suggest you leave it blank, since the default should be fine. If you have run into the bogon thing I would change it to 400k, which will be the new default, until such time as that is rolled out. I would then set it back to blank.

    If you are using any packages that need it to be higher, like pfBlocker, then they should make adjustments for that, etc.

    You really should not have to touch that setting, unless you're doing something specific that requires it. I would suggest this for pretty much all settings in pfSense: if you do not know what they do ;) then don't change them... no matter what guide you read on some idiot's guide about pfSense from 2012.

    You're pretty sure any advice here will be vetted by people that understand pfSense. Out on the net you get all kinds of nonsense sort of advice.

    What you really should do if you want to understand all the settings in pfSense is buy the book, or get gold so you have access to the book.

    It was blank by default, but I was getting this error https://paste2.org/J0nEaMPf so I went to the IRC channel and a helpful member suggested that I change it to 400000. So I did and rebooted, and the error messages were gone. Okay, so I need to keep it at 400000. Thanks.


  • Netgate Administrator

    Yes, keep 400,000. As johnpoz says above, that will be the default value in the next release and in current 2.4.4 snapshots.

    Steve



  • @stephenw10:

    Yes, keep 400,000. As johnpoz says above, that will be the default value in the next release and in current 2.4.4 snapshots.

    Steve

    Got it. Thanks.