pfSense crash when using 'Maximum new connections / per second(s)'
We tend to have Microsoft RDP open to the outside world. Due to the fact it attracts a lot of brute-force attempts I haven't used the 'Maximum new connections / per second(s)' advanced rule in the firewall to ban IPs that keep trying to connect (I believe Windows boots them after 10 password attempts). This is set to 6/60 seconds, which appears to be effective. I have also modified the job that clears the list to the following:
* * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 150 virusprot
When this setting is in place, the memory usage of the firewall appears to creep up. Eventually, the firewall will crash and log the following:
Fatal trap 12: page fault while in kernel mode
cpuid = 2; apic id = 02
fault virtual address = 0x8
fault code = supervisor read, page not present
The latest version that I have observed this behaviour on is:
built on Fri Nov 23 18:55:05 EST 2012
I've tried a few searches and not found any mention of this. Is this anticipated behaviour or should it be reported as a bug? If so, are there any further details that would help narrow down this issue?
Thanks in advance.
Additional: I have observed this behaviour on 3 pfSense firewalls, all i386 installs: two on hardware with Intel NICs and one virtual on ESXi.
Did you submit crash report(s)? If not, please do. If so, let me know what public IP they came from (via PM with a link to this thread is fine if you don't want to list publicly).