Netgate Discussion Forum

    crash reported when adding FW alias

    • adamw

      Hi all,

      I was trying to add a single alias containing 3 subnets:

      64.62.128.0/17
      66.160.128.0/18
      66.160.192.0/20

      which is 53k addresses in total.

      The mini guide kind of warned me:

      An IP range such as 192.168.1.1-192.168.1.10 or a small subnet such as 192.168.1.16/28 may also be entered and a list of individual IP addresses will be generated.
      

      The alias wasn't created and after chilling several seconds of blackout I got this:

      Crash report begins.  Anonymous machine information:
      
      arm
      11.2-RELEASE-p4
      FreeBSD 11.2-RELEASE-p4 #3 a48f4444b47(factory-RELENG_2_4_4): Thu Nov 29 14:07:24 EST 2018     root@buildbot2.nyi.netgate.com:/build/factory-crossbuild-244/obj/armv6/tDULKC6G/arm.armv6/build/factory-crossbuild-244/pfSense/tmp/FreeBSD-src/sys/pfSense-SG-31
      
      Crash report details:
      
      PHP Errors:
      [10-Dec-2019 14:38:15 Europe/London] PHP Fatal error:  Allowed memory size of 134217728 bytes exhausted (tried to allocate 19863424 bytes) in /usr/local/www/csrf/csrf-magic.php on line 149
      
      
      No FreeBSD crash data found.
      

      Thankfully the firewall didn't crash or reboot, it just rejected the request, saving me a 50 mile trip to the datacenter.

      I think it would be good if some kind of a check is performed prior to the crash.

      It might be hard to precisely define how small a "small" subnet is supposed to be which appears to be relative to the amount of memory.

      Thanks,
      Adam

      • viragomann

        I guess you're running out of the "Firewall Maximum Table Entries".
        If you have enough memory you can enlarge the value in System > Advanced > Firewall & NAT.

        • jimp Rebel Alliance Developer Netgate

          Set Type to Network, not Host. Then using CIDR notation is just the three entries you listed.

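An added example, not part of the thread and not pfSense code: a pre-flight check of the kind asked for in the first post, which sizes an alias arithmetically instead of generating the address list, and shows the same input as CIDR entries. The function names and the `MAX_HOST_ENTRIES` budget are assumptions made for this sketch.

```python
import ipaddress

# Assumed budget for this sketch only; it is not a pfSense setting or default.
MAX_HOST_ENTRIES = 5000


def entry_networks(entry):
    """Networks covering one alias entry: a CIDR, a single IP, or a first-last range."""
    entry = entry.strip()
    if "-" in entry:
        first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if first.version != last.version or first > last:
            raise ValueError(f"bad range: {entry}")
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(entry, strict=False)]


def preflight(entries, limit=MAX_HOST_ENTRIES):
    """Size an alias without ever building the per-address list."""
    nets = [n for e in entries for n in entry_networks(e)]
    collapsed = []
    for version in (4, 6):  # collapse_addresses() rejects mixed IPv4/IPv6 input
        collapsed += ipaddress.collapse_addresses(n for n in nets if n.version == version)
    host_entries = sum(n.num_addresses for n in collapsed)  # overlaps counted once
    return {
        "host_entries": host_entries,                      # rows if expanded per address
        "network_entries": [str(n) for n in collapsed],    # rows if kept as CIDR
        "fits_as_host": host_entries <= limit,
    }


if __name__ == "__main__":
    # The three subnets from the first post, then the two examples quoted from the guide.
    for alias in (["64.62.128.0/17", "66.160.128.0/18", "66.160.192.0/20"],
                  ["192.168.1.1-192.168.1.10", "192.168.1.16/28"]):
        r = preflight(alias)
        verdict = "expand to hosts" if r["fits_as_host"] else "refuse; keep as networks"
        print(f"{r['host_entries']} host rows vs {len(r['network_entries'])} CIDR rows: {verdict}")
```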
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.