Error every 15 minutes - /tmp/rules.debug:19: cannot define table bogonsv6: Cannot allocate memory

tpalsson · Apr 2, 2022, 3:56 PM

Hi,

Running on my Sg-3100 with latest 22.01 release.
Additional 120Gb m.2 SSD mounted.

Every 15 minute I got error messages in my log and under notices saying:

There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [19]: table <bogonsv6> persist file "/etc/bogonsv6"
@ 2022-04-02 15:30:02

I've searched through the forum and tried to increase System->Advanced->Firewall&NAT->Firewall Maximum Table Entries in steps up to 1250000 .. Also did Filter Reload after each change but still no differences...

Do someone have an idea?

Last hour in System log/General:

Apr 2 15:30:02	php	43856	rc.filter_configure_sync: New alert found: There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [19]: table <bogonsv6> persist file "/etc/bogonsv6"
Apr 2 15:23:43	php-fpm	20290	/rc.filter_configure_sync: New alert found: There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [19]: table <bogonsv6> persist file "/etc/bogonsv6"
Apr 2 15:23:40	check_reload_status	75016	Reloading filter
Apr 2 15:23:29	php-fpm	68623	/rc.filter_configure_sync: New alert found: There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [19]: table <bogonsv6> persist file "/etc/bogonsv6"
Apr 2 15:23:27	check_reload_status	75016	Reloading filter
Apr 2 15:23:26	check_reload_status	75016	Syncing firewall
Apr 2 15:23:26	php-fpm	20290	/system_advanced_firewall.php: Configuration Change: admin@192.168.1.105 (Local Database): Changed Advanced Firewall/NAT settings.
Apr 2 15:22:00	sshguard	3942	Now monitoring attacks.
Apr 2 15:22:00	sshguard	37664	Exiting on signal.
Apr 2 15:19:43	php-fpm	20290	/index.php: Successful login for user 'admin' from: 192.168.1.105 (Local Database)
Apr 2 15:15:02	php	18764	rc.filter_configure_sync: New alert found: There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [19]: table <bogonsv6> persist file "/etc/bogonsv6"
Apr 2 15:11:04	arpwatch	92501	bogon 0.0.0.0 98:09:cf:73:b5:c9
Apr 2 15:11:03	arpwatch	92501	bogon 0.0.0.0 98:09:cf:73:b5:c9
Apr 2 15:11:03	arpwatch	92501	bogon 0.0.0.0 98:09:cf:73:b5:c9
Apr 2 15:00:02	php	89520	rc.filter_configure_sync: New alert found: There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [19]: table <bogonsv6> persist file "/etc/bogonsv6"
Apr 2 14:45:02	php	56885	rc.filter_configure_sync: New alert found: There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [19]: table <bogonsv6> persist file "/etc/bogonsv6"
Apr 2 14:30:02	php	36306	rc.filter_configure_sync: New alert found: There were error(s) loading the rules: /tmp/rules.debug:19: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [19]: table <bogonsv6> persist file "/etc/bogonsv6"
Apr 2 14:30:00	sshguard	37664	Now monitoring attacks.
Apr 2 14:30:00	sshguard	84721	Exiting on signal.

stephenw10 · Apr 2, 2022, 4:40 PM

Is it exhausting the memory completely? Check the Status > Monitoring graphs.

Steve

SteveITS · Apr 2, 2022, 4:45 PM

@tpalsson There was a similar thread a few weeks ago about the IPv6 bogons on a 3100. I don't recall if the person ever figured it out. However, there's nothing about the 3100 that says it won't work, in fact we have one with it enabled. It's basically either a memory or table entries size question.

If you don't have IPv6 consider not loading the IPv6 bogons.

tpalsson · Apr 3, 2022, 7:43 AM

This post is deleted!

tpalsson · Apr 3, 2022, 7:45 AM

@stephenw10 Seem to be very good.. 75% free, low usage

tpalsson · Apr 3, 2022, 8:05 AM

@steveits Unchecking "Allow IPv6" under System->Advanced->Networking seems to stop the errors... However, it should work with IPv6 enabled ?!

edit** Enabled it back again, and now I don't have any errors in my log...

Thank you for your help!

//T