PFblocker errors



  • Re: 2.3.4-p1 Breaks PFBlockerNG
    This is a new installation, then upgraded, then Pf-blocker installed and configured. I am also new to this.
    2.4.5-RELEASE (amd64)
    built on Tue Mar 24 15:25:50 EDT 2020
    FreeBSD 11.3-STABLE
    Log Lines are set to 60000

    There were error(s) loading the rules: /tmp/rules.debug:22: cannot define table pfB_Top_v4: Cannot allocate memory - The line in question reads [22]: table <pfB_Top_v4> persist file "/var/db/aliastables/pfB_Top_v4.txt"
    @ 2020-04-11 22:30:59

    I disabled it, then did a force reload, any suggestions?



  • This is exactly the same error that you had with bogons. You have to increase total table items as described in your other post OR reduce the number of IP aliases you create with pfblockerng. That top spammers list is only really useful if you are running a mail server.



  • I think I can drop the top spammers then



  • If you don't have open ports you shouldn't be blocking anything inbound. The firewall blocks all inbound by default. Blocking by IP outbound isn't really useful from a security perspective if you have good endpoint security (anti-malware) in place for most networks. You could block outbound using lists like ET-Comp as a canary; if you have some device hitting those IPs it might be something to look at. Blocking whole countries outbound might feel good on a home network but does little other than fill up your logs with meaningless alerts. Security theater.

    The one thing I do block outbound is Facebook and some others by ASN. I very much dislike surveillance capitalism!



  • @jwj I will have to look into that, again this is my first time setting this up, my thought is that each one has its own settings on Database. I was following some guided setups on YouTube and for the most part accepting what they did as normal practice. I will have to dig deeper into each one. Thanks for all your feedback.



  • @FMRC_Cheeky No worries. Don't be afraid to ask questions. You'll get up to speed faster than you may think!
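
The table-size trade-off discussed in the thread (raise the table entry limit or create fewer aliases), as an added example that is not part of any post: a POSIX sh script that counts the entries in each alias table file and compares the total with pf's `table-entries` limit. The function names are hypothetical, the directory is the one shown in the error message, and the 2x headroom factor is an assumption (pf holds the old and new tables at the same time during a reload).

```shell
#!/bin/sh
# Added example: does the sum of alias table entries fit the pf limit?

# count_entries FILE -> number of lines that are neither blank nor comments
count_entries() {
    grep -Ev '^[[:space:]]*(#|$)' "$1" | wc -l | tr -d ' '
}

# total_entries DIR -> sum of entries over DIR/*.txt
total_entries() {
    total=0
    for f in "$1"/*.txt; do
        [ -f "$f" ] || continue
        n=$(count_entries "$f")
        total=$((total + n))
    done
    echo "$total"
}

# check_tables DIR LIMIT [FACTOR]
# Prints per-table counts (largest first) and the required budget.
# Returns 0 if total * FACTOR fits within LIMIT, 1 otherwise.
check_tables() {
    dir=$1; limit=$2; factor=${3:-2}   # factor 2 is an assumed headroom
    for f in "$dir"/*.txt; do
        [ -f "$f" ] || continue
        printf '%8d %s\n' "$(count_entries "$f")" "$(basename "$f" .txt)"
    done | sort -rn
    need=$(( $(total_entries "$dir") * factor ))
    echo "need ~$need entries (total x $factor), limit $limit"
    [ "$need" -le "$limit" ]
}

# On the firewall itself: read the live limit from pf and check the
# alias table directory named in the error message.
if [ -d /var/db/aliastables ] && command -v pfctl >/dev/null 2>&1; then
    limit=$(pfctl -sm | awk '/^table-entries/ {print $NF}')
    check_tables /var/db/aliastables "$limit" || echo "over budget"
fi
```

The largest tables are listed first, which shows which alias to drop or which limit to raise.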

