How to reset Number of blocked entries to view setting of suricata

meocon

Hello,
I use suricata with pfsense.
Now I have a problem in the alerts tab of suricata.
I have set "Number of blocked entries to view. Default is 500" to 500000.
And now I can't access that tab anymore.
and i get crash error
"Crash report begins. Anonymous machine information:

amd64
14.0-CURRENT
FreeBSD 14.0-CURRENT #1 RELENG_2_7_0-n255866-686c8d3c1f0: Wed Jun 28 04:21:19 UTC 2023 root@freebsd:/var/jenkins/workspace/pfSense-CE-snapshots-2_7_0-main/obj/amd64/LwYAddCr/var /jenkins/workspace/pfSense-CE-snapshots-2_7_0-main/sources/FreeBSD-src-REL

Crash report details:

PHP Errors:
[29-Aug-2023 15:22:49 ] PHP Fatal error: str_ireplace(): Cannot use output buffering in output buffering display handlers in /usr/local/www/csrf/csrf-magic.php on line 161
[29-Aug-2023 15:52:20 ] PHP Fatal error: str_ireplace(): Cannot use output buffering in output buffering display handlers in /usr/local/www/csrf/csrf-magic.php on line 161

No FreeBSD crash data found."

Is there a way for me to reset that to 500 so I don't get this error again?
Thank you!

bmeeks

You will need to find the errant value stored in the config.xml file of the firewall and manually edit it. Be sure you take a configuration backup before editing the file.

Changing the value from the default is not a good idea, especially when you radically increase the value. You run the PHP process out of available memory. There is a finite amount of RAM reserved for PHP processes regardless of how much RAM may be in the hardware. I think the limit is currently 512 MB.

The config.xml file is in /conf/.

SteveITS

@meocon At the console you can restore an earlier config:
https://docs.netgate.com/pfsense/en/latest/backup/restore.html#console-configuration-history