There were error(s) Cannot allocate memory
-
The new installation 3 days ago has been helping a lot, however after being able to gain access to the logs now I get "/rc.filter_configure_sync: New alert found: There were error(s) loading the rules: /tmp/rules.debug:18: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [18]: table <bogonsv6> persist file "/etc/bogonsv6"" under the Status/SystemsLogs/System/General"
I'm worried about the Cannot allocate memory. Can this be the reason why I still get hacking attempts going though into the VOIP PBX mostly from Russia and Germany? I've those selected under the pfBlcokerNG and active but still no major luck. Much better than ClearOS anyway!
I'd appreciate any help on this issue.
Thanks -
Go to system, advanced, firewall & nat. Increase the maximum table entries.
If you are not using ipv6, consider disabling it. Then the firewall will not need to load the ipv6 bogons table. -
@dotdash Thanks, disabled ipv6 and increased from 400000 to 700000 and after restart still get the same "rc.bootup: New alert found: There were error(s) loading the rules: /tmp/rules.debug:33: cannot define table pfB_PRI1: Cannot allocate memory - The line in question reads [33]: table <pfB_PRI1> persist file "/var/db/aliastables/pfB_PRI1.txt""
Any idea what could be provoking this error?
Thanks again -
@dotdash Because I'm using pfBlockerNG... can it be that I need to add much more?
-
It all depends on how big your tables are. You could try bumping it up in increments to see if the error goes away.
-
@dotdash Thanks. I'll do that after hours. I really appreciate your input as I'm new to this firewall , however we are really impressed with it.
-
You need to set it at (total number of table items) * 2
-
@jwj Thanks
-
You're posting in the TNSR forum...but I think you're using pfSense?
My setup instructions for pfBlockerNG were from years ago and I don't think I have a link. My note says "double default Firewall Maximum States." Pinned post https://forum.netgate.com/topic/77601/pfblockerng/1193 has a note at the bottom from the package maintainer about using 2 million. The "correct" minimum required answer depends on what is being loaded (no IP lists, no memory).
-
@teamits oops... you are correct. So busy and got distracted. Thanks for pointing that........... and thanks for your reply. I'll work on it this weekend to not affect productivity.
Thanks again