Netgate Discussion Forum

    PFblocker errors

      FMRC_Cheeky

      Re: 2.3.4-p1 Breaks PFBlockerNG
      This is a new installation, then upgraded, then Pf-blocker installed and configured. I am also new to this.
      2.4.5-RELEASE (amd64)
      built on Tue Mar 24 15:25:50 EDT 2020
      FreeBSD 11.3-STABLE
      Log Lines are set to 60000

      There were error(s) loading the rules: /tmp/rules.debug:22: cannot define table pfB_Top_v4: Cannot allocate memory - The line in question reads [22]: table <pfB_Top_v4> persist file "/var/db/aliastables/pfB_Top_v4.txt"
      @ 2020-04-11 22:30:59

      I disabled it, then did a force reload, any suggestions?

        A Former User

        This is exactly the same error that you had with bogons. You have to increase total table items as described in your other post OR reduce the number of IP aliases you create with pfblockerng. That top spammers list is only really useful if you are running a mail server.

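A way to check whether the alias tables fit under the pf table-entries limit, as an added example that is not part of the original thread or of pfBlockerNG: it counts the entries in each table file and compares the total with a limit. The headroom factor of 2, the function names and the sample addresses are assumptions made for this example; `/var/db/aliastables` is the directory from the error message above.

```shell
#!/bin/sh
# Added example (not pfBlockerNG code): compare the number of entries in pf
# table files with the pf table-entries limit before reloading the rules.

# count_entries FILE: entries in one table file (skips blank and '#' lines).
count_entries() {
    grep -Ecv '^[[:space:]]*(#|$)' "$1" || true
}

# total_entries DIR: sum of entries over every DIR/*.txt table file.
total_entries() {
    sum=0
    for f in "$1"/*.txt; do
        [ -f "$f" ] || continue
        sum=$((sum + $(count_entries "$f")))
    done
    echo "$sum"
}

# pf_table_limit: current hard limit, parsed from `pfctl -sm` (needs root).
pf_table_limit() {
    pfctl -sm | awk '$1 == "table-entries" { print $NF }'
}

# check_tables DIR LIMIT [FACTOR]: prints a verdict; returns 1 when
# entries * FACTOR exceeds LIMIT. FACTOR=2 is an assumed reload headroom.
check_tables() {
    entries=$(total_entries "$1")
    needed=$((entries * ${3:-2}))
    if [ "$needed" -gt "$2" ]; then
        echo "FAIL entries=$entries needed=$needed limit=$2"
        return 1
    fi
    echo "OK entries=$entries needed=$needed limit=$2"
}

# Demo on constructed data; on the firewall itself run instead:
#   check_tables /var/db/aliastables "$(pf_table_limit)"
demo_dir=$(mktemp -d)
printf '192.0.2.0/24\n198.51.100.7\n\n# comment\n' > "$demo_dir/pfB_Top_v4.txt"
printf '203.0.113.0/24\n' > "$demo_dir/constructed_list.txt"
check_tables "$demo_dir" 4 || true
rm -rf "$demo_dir"
```

A FAIL verdict means either raising the limit or dropping lists until the total fits, which are the two options given in the reply above.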
          FMRC_Cheeky

          I think I can drop the top spammers then.

            A Former User

            If you don't have open ports you shouldn't be blocking anything inbound. The firewall blocks all inbound by default. Blocking by IP outbound isn't really useful from a security perspective if you have good endpoint security (anti-malware) in place for most networks. You could block outbound using lists like ET-Comp as a canary; if you have some device hitting those IPs it might be something to look at. Blocking whole countries outbound might feel good on a home network but does little other than fill up your logs with meaningless alerts. Security theater.

            The one thing I do block outbound is Facebook and some others by ASN. I very much dislike surveillance capitalism!

              FMRC_Cheeky @A Former User

              @jwj I will have to look into that. Again, this is my first time setting this up; my thought is that each one has its own settings on Database. I was following some guided setups on YouTube and for the most part accepting what they did as normal practice. I will have to dig deeper into each one. Thanks for all your feedback.

                A Former User @FMRC_Cheeky

                @FMRC_Cheeky No worries. Don't be afraid to ask questions. You'll get up to speed faster than you may think!

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.