Netgate Discussion Forum

    Error loading rules

    • Chasire

      Hi there
      I have encountered an error while loading my pfSense web interface that says the following:

      There were error(s) loading the rules: /tmp/rules.debug:20: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [20]: table <bogonsv6> persist file "/etc/bogonsv6"

      I tried to fix the problem using these links:

      • https://forum.netgate.com/topic/129127/ruleerror-there-were-errors-loading-the-rules-tmp-rules-debug-18-cannot-alloc/5
      • https://justinho.com/blog/2018/03/15/pfSense-Bogons.html

      I have set Firewall Maximum Table Entries from 400000 to 800000 and yet I still get the error messages when restarting my pfSense router.

      Any advice or comment about fixing this issue will be appreciated.

      • Derelict LAYER 8 Netgate

        400000 is enough. 800000 is double enough.

        Something else is going on.

        How much RAM in the unit?

        Running anything like pfBlockerNG or anything else that likes to create massive tables?

        What does this output in Diagnostics > Command prompt?

        pfctl -sm

        And this:

        wc -l /etc/bogonsv6

        and this:

        ls -l /etc/bogonsv6

        and this:

        for table in `pfctl -sT`; do echo -n $table; pfctl -T show -t $table | wc -l ; done

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • Chasire

          Here are the details:

          This is a screenshot of my system interface at the moment.

          Yes, I run pfBlockerNG. I also run squid and Snort.

          Here are the results after executing the following commands:

          • pfctl -sm
            states hard limit 20000
            src-nodes hard limit 20000
            frags hard limit 5000
            table-entries hard limit 800000

          • wc -l /etc/bogonsv6
            107666 /etc/bogonsv6

          • ls -l /etc/bogonsv6
            -rw-r--r-- 1 root wheel 1733644 Apr 16 10:30 /etc/bogonsv6

          • for table in `pfctl -sT`; do echo -n $table; pfctl -T show -t $table | wc -l ; done
            bogons 3040
            bogonsv6 107665
            snort2c 0
            sshguard 0
            tonatsubnets 5
            virusprot 0
            webConfiguratorlockout 0

          • Derelict LAYER 8 Netgate

            That all looks fine. You should not be receiving any errors.

            I question that your swap is almost half full though.

            209MB RAM? That's practically nothing. I give the smallest of my test VMs 512MB. That is likely your problem.

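Added example, not part of any post in this thread: a shell sketch that turns the diagnostic commands above into a single headroom check, parsing `pfctl -sm` and the per-table counts and comparing the total against the table-entries hard limit. The sample input is the output posted in the thread; the function names and the 80% warning threshold are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): pf table headroom check.
# Function names and the 80% warning threshold are assumptions.

# Sample input: the output posted in this thread.
SAMPLE_LIMITS='states hard limit 20000
src-nodes hard limit 20000
frags hard limit 5000
table-entries hard limit 800000'
SAMPLE_COUNTS='bogons 3040
bogonsv6 107665
snort2c 0
sshguard 0
tonatsubnets 5
virusprot 0
webConfiguratorlockout 0'

# Read `pfctl -sm` output on stdin, print the table-entries hard limit.
table_limit() {
    awk '$1 == "table-entries" && $2 == "hard" { print $4; exit }'
}

# Read "name count" lines on stdin, print the sum of the counts.
table_total() {
    awk 'NF >= 2 && $NF ~ /^[0-9]+$/ { sum += $NF } END { print sum + 0 }'
}

# check_headroom LIMIT TOTAL THRESHOLD_PCT
# Prints usage; returns non-zero when usage reaches the threshold.
check_headroom() {
    pct=$(( $2 * 100 / $1 ))
    echo "$2 of $1 table entries in use (${pct}%)"
    [ "$pct" -lt "$3" ]
}

# On a live pfSense shell, collect the per-table counts from pfctl itself.
collect_counts() {
    for t in $(pfctl -sT); do
        printf '%s ' "$t"
        pfctl -T show -t "$t" | wc -l
    done
}

limit=$(printf '%s\n' "$SAMPLE_LIMITS" | table_limit)
total=$(printf '%s\n' "$SAMPLE_COUNTS" | table_total)
check_headroom "$limit" "$total" 80 || echo "WARNING: tables near the limit"
```

On a live system, feed `pfctl -sm | table_limit` and `collect_counts | table_total` into `check_headroom` instead of the sample strings.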
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.