Excessively High Firewall Maximum Table Entries
Hello,
I am running an SG-1100 with pfBlockerNG and am receiving error messages like this one every day or so:
There were error(s) loading the rules: /tmp/rules.debug:25: cannot define table pfB_Top_v6: Cannot allocate memory - The line in question reads [25]: table <pfB_Top_v6> persist file "/var/db/aliastables/pfB_Top_v6.txt"
I have also seen this for /etc/bogons, /etc/bogonsv6, and /var/db/aliastables/pfB_Top_v4.txt.
I have seen other references to increasing System > Advanced > Firewall & NAT > Firewall Maximum Table Entries, which I have done several times (increasing by doubling each time). I'm now up to 51,200,000, which seems ridiculously high. (I can't see what the default was anymore, since the note underneath the field that says "On this system the default is: <number>" always matches the currently set value.)
At the end of my pfBlockerNG update log, there is this information:
Alias table IP Counts
-----------------------------
270108 total
148228 /var/db/aliastables/pfB_Top_v4.txt
112180 /var/db/aliastables/pfB_Top_v6.txt
9085 /var/db/aliastables/pfB_PRI1_v4.txt
560 /var/db/aliastables/pfB_SCANNERS_v4.txt
55 /var/db/aliastables/pfB_PRI1_6_v6.txt

pfSense Table Stats
-------------------
table-entries hard limit 51200000
Table Usage Count 396570
You can see that the pfBlockerNG rules account for <300k entries, and the total used is <400k, which is WAY less than 51 million, which is why I'm posting here for general firewall advice instead of with pfBlockerNG. Are there that many bogons out there? What is a reasonable value for Firewall Maximum Table Entries? What have I done wrong here?
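A quick check to put the numbers in the post into proportion, added here as an example and not part of the original post or of pfBlockerNG: it parses the "Alias table IP Counts" / "pfSense Table Stats" block of the update log (sample below is constructed from the figures quoted above), reports how much of the table-entries hard limit is actually in use, and separates pfBlockerNG's own entries from everything else in the usage count (bogons and other aliases). The `pfctl -s memory` call in `live_limit` is the standard way to read the same hard limit on the box itself.

```shell
#!/bin/sh
# Constructed sample: the same log block the post quotes.
SAMPLE_LOG='Alias table IP Counts
-----------------------------
270108 total
148228 /var/db/aliastables/pfB_Top_v4.txt
112180 /var/db/aliastables/pfB_Top_v6.txt
pfSense Table Stats
-------------------
table-entries hard limit 51200000
Table Usage Count 396570'

# Read a pfBlockerNG log block on stdin and print one summary line:
# used=<total entries> limit=<hard limit> pct=<used/limit in %>
# pfblocker=<pfBlockerNG entries> other=<entries from non-pfBlockerNG tables>
table_usage() {
    awk '
        /^[0-9]+ total$/           { pfb   = $1 }   # pfBlockerNG grand total
        /table-entries hard limit/ { limit = $NF }  # configured maximum
        /Table Usage Count/        { used  = $NF }  # entries actually loaded
        END {
            if (limit == 0) { print "no hard limit found in input"; exit 1 }
            printf "used=%d limit=%d pct=%.2f pfblocker=%d other=%d\n",
                   used, limit, 100 * used / limit, pfb, used - pfb
        }'
}

# On a pfSense host: the kernel-side view of the same limit.
live_limit() {
    pfctl -s memory | awk '/table-entries/ { print $NF }'
}

printf '%s\n' "$SAMPLE_LOG" | table_usage
```

For the numbers in the post the output shows usage below 1% of the limit, with roughly 126k entries coming from tables other than pfBlockerNG's.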