There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table bogonsv6: too many elements.

louis2 · Sep 12, 2020, 9:22 PM

The moment I saw those messages, I realized that I had a serious security issue.

So I did decide to reinstall "immediately".

Something was terrible wrong with the system, for some unknown (upgrade) reason.

To answer your question, no I did not open the SSH-port!
So the only conclusion can be that the FW was not working correctly!

Of course they still had to guess my password etc, but never the less "far from OK".

Louis

amiah · Sep 15, 2020, 3:36 PM

FYI I had the same error with no internet, and had to go to INTERFACES and disable Block bogon network. I hope the next update can fix this issue.

abuttino · Sep 16, 2020, 4:32 PM

I have lost all LAN to WAN communication. Suggestions?

w0w · Sep 16, 2020, 4:45 PM

@abuttino

@w0w said in There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table bogonsv6: too many elements.:

create system tunable named net.pf.request_maxcount
in System/Advanced/System Tunables and put 2000000 as value.

and REBOOT the firewall!

abuttino · Sep 16, 2020, 4:46 PM

@w0w Thanks!

louis2 · Sep 16, 2020, 7:23 PM

For two reasons that is IMHO not the good solution:

At least for me a clean install solved the problem, so there seems to be a different problem
if (!!) the table is really to small, than Netgate should change the table size. So than your action is only a temporarily solution.

My advice is to save your config and to do a clean install based on the actual snapshot.

Louis

w0w · Sep 17, 2020, 3:35 AM

@louis2
Did you really read that?
https://redmine.pfsense.org/issues/10861
This is the clean installation from the latest ISO, nothing have been changed or imported:

The problem is not solved even on clean install. You will not receive this error until pf bogonsv6 table is full.

louis2 · Sep 17, 2020, 5:35 PM

Yep, the table is to small should be at least 200000, however:

There are another problem as well !!

after a fresh install ...... the bogon tables are not loaded, automatically!! Oeps!!
and I also noticed an error "Bogons V6 file downloaded: pfctl: Invalid argument."
you can have big questions about rule tables as big as 114000 rules. I did not test, but it is probably dramatically affecting performance!!

I also wonder why this is still not fixed !!!

IPV6 is not in every regard a blessing

Louis

w0w · Sep 17, 2020, 6:13 PM

@louis2
If I got it right this time It's on FreeBSD 12.2-PRERELEASE side not pfSense directly. Looks like not everyone have been noticed that base system is changed

louis2 · Sep 17, 2020, 6:43 PM

Thanx!

I checked pfSense is on 12.2 now. I think Jim should have communicated that.

Not for every one relevant, but for me and others that is important to know.

Louis