There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table bogonsv6: too many elements.
-
The moment I saw those messages, I realized that I had a serious security issue.
So I did decide to reinstall "immediately".
Something was terrible wrong with the system, for some unknown (upgrade) reason.
To answer your question, no I did not open the SSH-port!
So the only conclusion can be that the FW was not working correctly!Of course they still had to guess my password etc, but never the less "far from OK".
Louis
-
FYI I had the same error with no internet, and had to go to INTERFACES and disable Block bogon network. I hope the next update can fix this issue.
-
I have lost all LAN to WAN communication. Suggestions?
-
@w0w said in There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table bogonsv6: too many elements.:
create system tunable named net.pf.request_maxcount
in System/Advanced/System Tunables and put 2000000 as value.and REBOOT the firewall!
-
@w0w Thanks!
-
For two reasons that is IMHO not the good solution:
- At least for me a clean install solved the problem, so there seems to be a different problem
- if (!!) the table is really to small, than Netgate should change the table size. So than your action is only a temporarily solution.
My advice is to save your config and to do a clean install based on the actual snapshot.
Louis
-
@louis2
Did you really read that?
https://redmine.pfsense.org/issues/10861
This is the clean installation from the latest ISO, nothing have been changed or imported:
The problem is not solved even on clean install. You will not receive this error until pf bogonsv6 table is full.
-
Yep, the table is to small should be at least 200000, however:
There are another problem as well !!
- after a fresh install ...... the bogon tables are not loaded, automatically!! Oeps!!
- and I also noticed an error "Bogons V6 file downloaded: pfctl: Invalid argument."
- you can have big questions about rule tables as big as 114000 rules. I did not test, but it is probably dramatically affecting performance!!
I also wonder why this is still not fixed !!!
IPV6 is not in every regard a blessing
Louis
-
@louis2
If I got it right this time It's on FreeBSD 12.2-PRERELEASE side not pfSense directly. Looks like not everyone have been noticed that base system is changed
-
Thanx!
I checked pfSense is on 12.2 now. I think Jim should have communicated that.
Not for every one relevant, but for me and others that is important to know.
Louis
