crash reported when adding FW alias



  • Hi all,

    I was trying to add a single alias containing 3 subnets:

    64.62.128.0/17
    66.160.128.0/18
    66.160.192.0/20

    which is 53k addresses in total.

    The mini guide kind of warned me:

    An IP range such as 192.168.1.1-192.168.1.10 or a small subnet such as 192.168.1.16/28 may also be entered and a list of individual IP addresses will be generated.
    

    The alias wasn't created and after chilling several seconds of blackout I got this:

    Crash report begins.  Anonymous machine information:
    
    arm
    11.2-RELEASE-p4
    FreeBSD 11.2-RELEASE-p4 #3 a48f4444b47(factory-RELENG_2_4_4): Thu Nov 29 14:07:24 EST 2018     root@buildbot2.nyi.netgate.com:/build/factory-crossbuild-244/obj/armv6/tDULKC6G/arm.armv6/build/factory-crossbuild-244/pfSense/tmp/FreeBSD-src/sys/pfSense-SG-31
    
    Crash report details:
    
    PHP Errors:
    [10-Dec-2019 14:38:15 Europe/London] PHP Fatal error:  Allowed memory size of 134217728 bytes exhausted (tried to allocate 19863424 bytes) in /usr/local/www/csrf/csrf-magic.php on line 149
    
    
    No FreeBSD crash data found.
    

    Thankfully the firewall didn't crash or rebooted, just rejected the request saving me a 50 mile trip to the datacenter.

    I think it would be good if some kind of a check is performed prior to the crash.

    It might be hard to precisely define how small a "small" subnet is supposed to be which appears to be relative to the amount of memory.

    Thanks,
    Adam



  • I guess, you're running out the "Firewall Maximum Table Entries".
    If you have enough memory you can enlarge the value in System > Advanced > Firewall & NAT.


  • Rebel Alliance Developer Netgate

    Set Type to Network, not Host. Then using CIDR notation is just the three entries you listed.


Log in to reply