crash reported when adding FW alias

adamw

Hi all,

I was trying to add a single alias containing 3 subnets:

64.62.128.0/17
66.160.128.0/18
66.160.192.0/20

which is 53k addresses in total.

The mini guide kind of warned me:

An IP range such as 192.168.1.1-192.168.1.10 or a small subnet such as 192.168.1.16/28 may also be entered and a list of individual IP addresses will be generated.

The alias wasn't created and after chilling several seconds of blackout I got this:

Crash report begins.  Anonymous machine information:

arm
11.2-RELEASE-p4
FreeBSD 11.2-RELEASE-p4 #3 a48f4444b47(factory-RELENG_2_4_4): Thu Nov 29 14:07:24 EST 2018     root@buildbot2.nyi.netgate.com:/build/factory-crossbuild-244/obj/armv6/tDULKC6G/arm.armv6/build/factory-crossbuild-244/pfSense/tmp/FreeBSD-src/sys/pfSense-SG-31

Crash report details:

PHP Errors:
[10-Dec-2019 14:38:15 Europe/London] PHP Fatal error:  Allowed memory size of 134217728 bytes exhausted (tried to allocate 19863424 bytes) in /usr/local/www/csrf/csrf-magic.php on line 149


No FreeBSD crash data found.

Thankfully the firewall didn't crash or rebooted, just rejected the request saving me a 50 mile trip to the datacenter.

I think it would be good if some kind of a check is performed prior to the crash.

It might be hard to precisely define how small a "small" subnet is supposed to be which appears to be relative to the amount of memory.

Thanks,
Adam

viragomann

I guess, you're running out the "Firewall Maximum Table Entries".
If you have enough memory you can enlarge the value in System > Advanced > Firewall & NAT.

jimp

Set Type to Network, not Host. Then using CIDR notation is just the three entries you listed.