File Download/Speed Test Locks Up pfSense
-
I've run into an issue where if I download a file large enough to take advantage of my full internet connection, 400MBps down, or run a speedtest, my SG-5100 locks up and I have to perform a hard reset. I'm running pfBlockerNG and Suricata and have upgraded the RAM to 16GB. If I disable pfBlockerNG, the issue goes away.
Is there a way I can tweak pfBlockerNG to improve performance or resolve this issue?
-
I assume the below will be useful, it's the summary information from my last full update:
69724 total
40061 /var/db/pfblockerng/deny/Alienvault_v4.txt
14250 /var/db/pfblockerng/deny/CINS_army_v4.txt
6181 /var/db/pfblockerng/deny/BDS_TOR_v4.txt
5174 /var/db/pfblockerng/deny/DNSBLIP_v4.txt
1465 /var/db/pfblockerng/deny/ET_Comp_v4.txt
847 /var/db/pfblockerng/deny/ET_Block_v4.txt
558 /var/db/pfblockerng/deny/ISC_1000_30_v4.txt
441 /var/db/pfblockerng/deny/Abuse_Feodo_C2_v4.txt
332 /var/db/pfblockerng/deny/Abuse_IPBL_v4.txt
134 /var/db/pfblockerng/deny/BBC_C2_v4.txt
107 /var/db/pfblockerng/deny/Abuse_Zeus_v4.txt
96 /var/db/pfblockerng/deny/Spamhaus_eDrop_v4.txt
72 /var/db/pfblockerng/deny/Abuse_SSLBL_v4.txt
5 /var/db/pfblockerng/deny/ISC_Block_v4.txt
1 /var/db/pfblockerng/deny/Spamhaus_Drop_v4.txt

====================[ Empty Lists w/127.1.7.7 ]==================
Spamhaus_Drop_v4.txt

===[ DNSBL Domain/IP Counts ] ===================================
577637 total
169469 /var/db/pfblockerng/dnsbl/hpHosts_EMD.txt
117809 /var/db/pfblockerng/dnsbl/hpHosts_FSA.txt
115592 /var/db/pfblockerng/dnsbl/hpHosts_PSH.txt
31567 /var/db/pfblockerng/dnsbl/AntiSocial_BD.txt
25522 /var/db/pfblockerng/dnsbl/MDS.txt
17979 /var/db/pfblockerng/dnsbl/hpHosts_PUP.txt
17508 /var/db/pfblockerng/dnsbl/Shallalist_spyware.txt
8709 /var/db/pfblockerng/dnsbl/Shallalist_adv.txt
8376 /var/db/pfblockerng/dnsbl/hpHosts_PHA.txt
8306 /var/db/pfblockerng/dnsbl/hpHosts_ATS.txt
7548 /var/db/pfblockerng/dnsbl/Abuse_URLBL.txt
6456 /var/db/pfblockerng/dnsbl/Spam404.txt
6054 /var/db/pfblockerng/dnsbl/SWC.txt
4708 /var/db/pfblockerng/dnsbl/Cameleon.txt
4410 /var/db/pfblockerng/dnsbl/Shallalist_adv_v4.ip
3916 /var/db/pfblockerng/dnsbl/CoinBlocker_All.txt
2532 /var/db/pfblockerng/dnsbl/SFS_Toxic_BD.txt
2523 /var/db/pfblockerng/dnsbl/MDS_Immortal.txt
2377 /var/db/pfblockerng/dnsbl/EasyPrivacy.txt
1983 /var/db/pfblockerng/dnsbl/hpHosts_MMT.txt
1900 /var/db/pfblockerng/dnsbl/Abuse_DOMBL.txt
1707 /var/db/pfblockerng/dnsbl/SBL_ADs.txt
1505 /var/db/pfblockerng/dnsbl/D_Me_ADs.txt
1335 /var/db/pfblockerng/dnsbl/Shallalist_spyware_v4.ip
1048 /var/db/pfblockerng/dnsbl/hpHosts_EXP.txt
1034 /var/db/pfblockerng/dnsbl/hpHosts_WRZ.txt
999 /var/db/pfblockerng/dnsbl/MDL.txt
941 /var/db/pfblockerng/dnsbl/EasyList.txt
894 /var/db/pfblockerng/dnsbl/Shallalist_tracker.txt
726 /var/db/pfblockerng/dnsbl/Yoyo.txt
698 /var/db/pfblockerng/dnsbl/BBC_DC2.txt
463 /var/db/pfblockerng/dnsbl/MVPS.txt
305 /var/db/pfblockerng/dnsbl/hpHosts_HFS.txt
268 /var/db/pfblockerng/dnsbl/hpHosts_GRM.txt
165 /var/db/pfblockerng/dnsbl/hpHosts_HJK.txt
96 /var/db/pfblockerng/dnsbl/EasyList_Adware.txt
61 /var/db/pfblockerng/dnsbl/Adaway.txt
58 /var/db/pfblockerng/dnsbl/Abuse_URLBL_v4.ip
48 /var/db/pfblockerng/dnsbl/Abuse_Zeus_BD.txt
19 /var/db/pfblockerng/dnsbl/D_Me_Tracking.txt
11 /var/db/pfblockerng/dnsbl/Shallalist_tracker_v4.ip
5 /var/db/pfblockerng/dnsbl/EasyList_v4.ip
5 /var/db/pfblockerng/dnsbl/Abuse_CW_C2.txt
1 /var/db/pfblockerng/dnsbl/EasyPrivacy_v4.ip
1 /var/db/pfblockerng/dnsbl/D_Me_Malv.txt
0 /var/db/pfblockerng/dnsbl/ISC_SDH.txt
0 /var/db/pfblockerng/dnsbl/D_Me_Malw.txt
0 /var/db/pfblockerng/dnsbl/Abuse_TC_C2.txt

====================[ IPv4/6 Last Updated List Summary ]==============
Jun 18 07:01 Abuse_Zeus_v4
Jun 21 12:25 Spamhaus_Drop_v4
Jun 23 14:38 Spamhaus_eDrop_v4
Jun 23 23:29 ET_Block_v4
Jun 23 23:29 ET_Comp_v4
Jun 24 13:02 ISC_1000_30_v4
Jun 25 00:06 DNSBLIP_v4
Jun 25 14:48 CINS_army_v4
Jun 25 15:12 BBC_C2_v4
Jun 25 15:46 Alienvault_v4
Jun 25 15:55 Abuse_IPBL_v4
Jun 25 16:00 Abuse_Feodo_C2_v4
Jun 25 16:00 Abuse_SSLBL_v4
Jun 25 16:00 BDS_TOR_v4
Jun 25 16:00 ISC_Block_v4

====================[ DNSBL Last Updated List Summary ]==============
Jul 31 2015 D_Me_Tracking
Mar 9 2016 D_Me_ADs
Jan 19 2018 hpHosts_HFS
Jan 20 2018 Adaway
Mar 18 2018 Cameleon
May 25 2018 hpHosts_EXP
Nov 1 2018 hpHosts_HJK
Nov 15 2018 hpHosts_GRM
Nov 29 2018 MDS_Immortal
Dec 30 03:10 hpHosts_MMT
Feb 21 11:45 MDL
May 24 17:05 hpHosts_WRZ
May 31 22:27 Spam404
Jun 5 04:11 Yoyo
Jun 8 12:01 UT1_ddos
Jun 8 12:01 UT1_malware
Jun 8 12:01 UT1_phishing
Jun 8 12:01 UT1_publicite
Jun 8 12:01 UT1_warez
Jun 11 14:05 MVPS
Jun 12 07:18 hpHosts_ATS
Jun 12 09:23 hpHosts_EMD
Jun 13 04:32 CoinBlocker_All
Jun 15 00:01 Abuse_Zeus_BD
Jun 18 17:08 MDS
Jun 20 17:34 hpHosts_PHA
Jun 21 00:47 SWC
Jun 21 16:43 hpHosts_PUP
Jun 24 07:41 SBL_ADs
Jun 24 16:53 hpHosts_FSA
Jun 24 17:14 hpHosts_PSH
Jun 24 19:01 Shallalist_adv
Jun 24 19:01 Shallalist_spyware
Jun 24 19:01 Shallalist_tracker
Jun 24 23:04 ISC_SDH
Jun 24 23:12 BBC_DC2
Jun 24 23:17 AntiSocial_BD
Jun 24 23:21 D_Me_Malw
Jun 24 23:21 D_Me_Malv
Jun 24 23:41 EasyPrivacy
Jun 24 23:50 EasyList_Adware
Jun 24 23:50 EasyList
Jun 24 23:55 Abuse_DOMBL
Jun 24 23:55 Abuse_CW_C2
Jun 24 23:59 SFS_Toxic_BD
Jun 25 00:00 Abuse_URLBL
Jun 25 00:00 Abuse_TC_C2
===============================================================

Database Sanity check [ PASSED ]
------------------------
Masterfile/Deny folder uniq check
Deny folder/Masterfile uniq check

Sync check (Pass=No IPs reported)
----------

Alias table IP Counts
-----------------------------
69724 total
40061 /var/db/aliastables/pfB_PRI2_v4.txt
18308 /var/db/aliastables/pfB_PRI1_v4.txt
6181 /var/db/aliastables/pfB_TOR_v4.txt
5174 /var/db/aliastables/pfB_DNSBLIP_v4.txt

pfSense Table Stats
-------------------
table-entries hard limit 400000
Table Usage Count 182125

UPDATE PROCESS ENDED [ 06/25/19 16:35:41 ]
-
I don't run Suricata but I do run pfBlockerNG on a teeny VM with only 1.5GB RAM and can max my 300 Mbps connection. I don't know what your problem is, but could disk space be an issue? Lots of log files?
-
Logs are generated, but circular logging is enabled and they're shipped off to a separate log ingest application. CPU seems fine, I've watched the dashboard CPU monitor and the highest I've seen it get is 65% during these tests.
BTW, what's with the autocorrect on these forums...what I am typing doesn't match what is being posted.
-
@Grunt0307 Assuming you're running the latest release ver of pfSense, 2.4.4.p3? Do you run the devel ver of pfBlockerNG or release? I run the devel ver and it was cake to set up since it comes with some preselected lists. Have you maybe tried testing the PS for voltage and memtest-ing the memory in another box? Maybe you can boot memtest from a USB (don't know if the SG has video out). Tried with Blocker enabled and Suricata disabled?
-
Yes, running the latest version 2.4.4.p3-devel. I haven't tested either of those things, was hoping there was a crash log or something somewhere within the OS.
-
@Grunt0307 Might find something in /var/log/crash
-
I guess I should have tested more thoroughly. I have pfBlockerNG and Suricata running on it. If I disable either of these services, then the device doesn't lock up...though with just Suricata, it struggles to fully saturate a 400Mb pipe.