Error loading rules

telserv

Does anyone have an idea about what I'm looking for in this error message?
There were error(s) loading the rules: /tmp/rules.debug:50: cannot define table pfB_Europe_v4: Cannot allocate memory - The line in question reads [50]: table <pfB_Europe_v4> persist file "/var/db/aliastables/pfB_Europe_v4.txt"
@ 2024-08-13 14:15:01

When I look at the alias(s), I see that pfBlockerNG Dev has downloaded IP addresses, so that much is working well. The PR1 list seems to be working, but my rules for allowing Europe and America don't seem to work.

This is a new install, and the problem is likely something I didn't understand.

Bob.Dig

@telserv Raise the "Firewall Maximum Table Entries" (SystemAdvancedFirewall & NAT), try 9 million.

Gertjan

@Bob-Dig

( @telserv ) Or load a less bigger pfBlockerng IP feed.

The entire "<pfB_Europe_v4>" is probably close to half the 2^32 range.
What about selecting the (way smaller ?!) list with IPs that you want to give access ?
Or the other way around.

telserv

@Bob-Dig. Well, that certainly had an impact. I'll reply again once I look at this more closely. Thanks for the very rapid response.

Gertjan

@telserv said in Error loading rules:

that certainly had an impact

The impact will be : for every incoming initial packet (of a stream), the source IPv4 is compared with the list with IPs (and network) for every entry in this list.
If there are really "9 000 000 000" entries to compare with, don't be surprised that firewall becomes very "sluggish". He's called 'pf' after all, not 'super man'.

telserv

@telserv Hi Bob.Dig

So that was the solution. I would never have found it, because I have only configured about six countries in Europe, and four in North America. However, I never argue with things that work.

Thanks again!