error(s) loading the rules: /tmp/rules.debug:28: cannot define table pfB_PRI2_Alienvault_v4: Cannot allocate memory
-
This error/notice recently started showing up. I don't believe I changed anything beforehand. How to fix?
Filter Reload
There were error(s) loading the rules: /tmp/rules.debug:28: cannot define table pfB_PRI2_Alienvault_v4: Cannot allocate memory - The line in question reads [28]: table <pfB_PRI2_Alienvault_v4> persist file "/var/db/aliastables/pfB_PRI2_Alienvault_v4.txt" @ 2020-06-07 09:08:12 There were error(s) loading the rules: /tmp/rules.debug:28: cannot define table pfB_PRI2_Alienvault_v4: Cannot allocate memory - The line in question reads [28]: table <pfB_PRI2_Alienvault_v4> persist file "/var/db/aliastables/pfB_PRI2_Alienvault_v4.txt" @ 2020-06-07 09:08:28 There were error(s) loading the rules: /tmp/rules.debug:28: cannot define table pfB_PRI2_Alienvault_v4: Cannot allocate memory - The line in question reads [28]: table <pfB_PRI2_Alienvault_v4> persist file "/var/db/aliastables/pfB_PRI2_Alienvault_v4.txt" @ 2020-06-07 09:08:47 -
You ran out of available table space to load the pfBlocker aliases probably.
What do you have set for Firewall Maximum Table Entries in System > Advanced > Firewall & NAT?Though it could also be this: https://redmine.pfsense.org/issues/10310
Or may be related to this: https://redmine.pfsense.org/issues/10414 which is fixed in 2.4.5p1
Steve
-
Thank you for the reply :)
Firewall Maximum Table Entries is set @ default of 400000. I did google this error, and a post from a few years back recommended to set it at 400000, if it wasn't already. I just don't know how high I can reasonably set it at.
I have 8GB of memory, and I'm only using 20-30%. What number would you recommend?
2.4.5-RELEASE (amd64)
Installed Packages:
arpwatch
bandwidthd
iftop
pfBlockerNG-devel
snortedit:
I deleted the preset number of 400000, saved, and refreshed. If left blank, the default size is set at 200000.I set the number at 800000 and restarted. Hopefully it does the trick.
-
@loopery said in error(s) loading the rules: /tmp/rules.debug:28: cannot define table pfB_PRI2_Alienvault_v4: Cannot allocate memory:
Thank you for the reply :)
Firewall Maximum Table Entries is set @ default of 400000. I did google this error, and a post from a few years back recommended to set it at 400000, if it wasn't already. I just don't know how high I can reasonably set it at.
I set the number at 800000 and restarted. Hopefully it does the trick.
On my system, it is set at 4000000. I believe that was the setting that pfSense chose during one of the upgrades because of the packages that I had installed. I have read where some folks have it set as high as 10000000 but I haven't seen a reason to change it to that. That came about early on with 2.4.x when one had pfBlockerNG with lots of lists selected and/or Snort or Suricata installed. If I were you, I would set it to at least 2000000 if you want things to work reliably. Now that setting my change depending on what the changes are for 2.4.5-p1,
-
You probably don't need to go higher than 1M IMO. Currently, at least.
Larger tables will cause more effect from 10414 if you're hitting that too. Until 2.4.5p1 is released.
Steve
-
J johnpoz referenced this topic on
-
J johnpoz referenced this topic on
