pfSense crash when using 'Maximum new connections / per second(s)'
-
We tend to have Microsoft RDP open to the outside world. Due to the fact it attracts a lot of brute force attempts, I haven't used the 'Maximum new connections / per second(s)' advanced rule in the firewall to ban IPs that keep trying to connect (I believe Windows boots them after 10 password attempts). This is set to 6/60 seconds, which appears to be effective. I have also modified the job that clears the list to the following:
* * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 150 virusprot
When this setting is in place, the memory usage of the firewall appears to creep up. Eventually, the firewall will crash and log the following:
Fatal trap 12: page fault while in kernel mode
cpuid = 2; apic id = 02
fault virtual address = 0x8
fault code = supervisor read, page not present
The latest version that I have observed this behaviour on is:
2.1-BETA0 (i386)
built on Fri Nov 23 18:55:05 EST 2012
I've tried a few searches and not found any mention of this. Is this anticipated behaviour or should it be reported as a bug? If so, are there any further details that would help narrow down this issue?
Thanks in advance.
-
Additional: I have observed this behaviour on 3 pfSense firewalls. i386 install. Two hardware with Intel NICs and one virtual on ESXi.
-
Did you submit crash report(s)? If not, please do. If so, let me know what public IP they came from (via PM with a link to this thread is fine if you don't want to list publicly).