TLD Domain count exceeded
-
@Unoptanio re: "table-entries hard limit", what is your setting of "System > Advanced > Firewall & NAT > Firewall Maximum Table Entries"? Looks like you'd need it to be at least 4.9 million to fit 4806104 entries.
(note pfSense has a longstanding bug where the sentence "On this system the default size is: ___" always shows whatever number you've entered, if you've entered a custom number)
-
-
@Unoptanio Assuming your router has enough RAM, change the 400,000 to a higher number.
Actually per https://docs.netgate.com/pfsense/en/latest/config/advanced-firewall-nat.html#firewall-maximum-table-entries it says twice the number you need so I guess 9 million for you.
-
-
I did a test now with a value of Firewall Maximum Table Entries 6,000,000 but it didn't solve the problem.
The number of X is always the same
-
@Unoptanio Not sure what to tell you. According to the pfBlocker directions I posted above, over 7 GB RAM should be limited to 2.5 million domains. You may need to find the code in pfBlocker that is setting the limit to 4 million and/or add RAM to your router.
-
-
-
Resolved
Extract from /usr/local/pkg/pfblockerng/pfblockerng.inc
```php
// Determine max Domain count available for DNSBL TLD analysis (Avoid Unbound memory exhaustion)
$pfs_memory = (round(get_single_sysctl('hw.physmem') / (1024*1024)) ?: 1000);
if (!$pfb['dnsbl_py_blacklist']) {
    $pfb['pfs_mem'] = array(
        '0' => '100000', '1500' => '150000', '2000' => '200000', '2500' => '250000',
        '3000' => '400000', '4000' => '600000', '5000' => '1000000', '6000' => '1500000',
        '7000' => '2000000', '8000' => '2500000', '12000' => '3000000', '16000' => '4000000',
        '32000' => '8000000');
} else {
    $pfb['pfs_mem'] = array(
        '0' => '200000', '1500' => '300000', '2000' => '400000', '2500' => '500000',
        '3000' => '800000', '4000' => '1200000', '5000' => '2000000', '6000' => '3000000',
        '7000' => '4000000', '8000' => '5000000', '12000' => '6000000', '16000' => '8000000',
        '32000' => '16000000');
}
foreach ($pfb['pfs_mem'] as $pfb_mem => $domain_max) {
    if ($pfs_memory >= $pfb_mem) {
        $pfb['domain_max_cnt'] = $domain_max;
    }
}
```
Change "'7000' => '2000000'" and "'7000' => '4000000'" to "'7000' => '6000000'" in both sets.
Change "'8000' => '2500000'" and "'8000' => '5000000'" to "'8000' => '6000000'" in both sets.
Update Reload | DNSBL after making these changes.
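
An added example (not part of the original posts and not pfBlockerNG's own code) that models the limit selection in the extract above: the domain limit there is derived only from hw.physmem and the dnsbl_py_blacklist flag, so the sketch shows which limit a given RAM size gets and which RAM tier a domain count would need. The function names, the 7600 MB figure and the 4.5 million domain count are constructed for illustration.

```python
# Added example: models the limit selection in the pfblockerng.inc extract.
# Keys are MB of RAM (hw.physmem), values the maximum DNSBL domain count.
DEFAULT_LIMITS = {
    0: 100000, 1500: 150000, 2000: 200000, 2500: 250000, 3000: 400000,
    4000: 600000, 5000: 1000000, 6000: 1500000, 7000: 2000000,
    8000: 2500000, 12000: 3000000, 16000: 4000000, 32000: 8000000,
}
# In the extract, every value of the second array (used when
# $pfb['dnsbl_py_blacklist'] is set) is exactly double the first.
PY_BLACKLIST_LIMITS = {mb: 2 * cnt for mb, cnt in DEFAULT_LIMITS.items()}


def physmem_mb(physmem_bytes):
    """Mirror round(hw.physmem / (1024*1024)) ?: 1000 from the extract."""
    return int(physmem_bytes / (1024 * 1024) + 0.5) or 1000


def domain_max_cnt(mem_mb, py_blacklist):
    """Limit chosen by the foreach: the highest threshold <= mem_mb wins."""
    table = PY_BLACKLIST_LIMITS if py_blacklist else DEFAULT_LIMITS
    return max((t, c) for t, c in table.items() if mem_mb >= t)[1]


def min_mem_tier(domains, py_blacklist):
    """Lowest RAM threshold (MB) whose limit covers `domains`, else None.
    Assumes a count equal to the limit is still accepted."""
    table = PY_BLACKLIST_LIMITS if py_blacklist else DEFAULT_LIMITS
    fits = [t for t, c in sorted(table.items()) if c >= domains]
    return fits[0] if fits else None


def report(physmem_bytes, domains):
    """Per-mode view: current limit, whether `domains` fits, tier needed."""
    mb = physmem_mb(physmem_bytes)
    rows = {}
    for flag in (False, True):
        limit = domain_max_cnt(mb, flag)
        rows[flag] = (limit, domains <= limit, min_mem_tier(domains, flag))
    return mb, rows


if __name__ == "__main__":
    # Constructed sample: a box reporting 7600 MB and 4.5 million domains.
    mb, rows = report(7600 * 1024 * 1024, 4_500_000)
    for flag, (limit, fits, tier) in rows.items():
        print(f"{mb} MB py_blacklist={flag}: limit={limit} fits={fits} "
              f"needs >= {tier} MB tier")
```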