PfSense crash when using 'Maximum new connections / per second(s)'

  • We tend to have Microsoft RDP open to the outside world. Due to the fact it attracts a lot of brute force attempts I haven't used the 'Maximum new connections / per second(s)' advanced rule in the firewall to ban IPs that keep trying to connect (I believe Windows boots them after 10 password attempts). This is set to 6/60 seconds, which appears to be effective. I have also modified the job that clears the list to the following

    *  *  *  *  *  root  /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 150 virusprot

    When this setting is in place, the memory usage of the firewall appears to creep up. Eventually, the firewall will crash and log the following:

    Fatal trap 12: page fault while in kernel mode
    cpuid = 2; apic id = 02
    fault virtual address        = 0x8
    fault code                            = supervisor read, page not present

    The latest version that I have observed this behaviour on is:

    2.1-BETA0 (i386)
    built on Fri Nov 23 18:55:05 EST 2012

    I've tried a few searches and not found any mention of this. Is this anticipated behaviour or should it be reported as a bug? If so, are there any further details that would help narrow down this issue?

    Thanks in advance.

  • Additional: I have observed this behaviour on 3 pfSense firewalls. i386 install. Two hardware with intel NICs and one virtual on ESXi.

  • Did you submit crash report(s)? If not, please do. If so, let me know what public IP they came from (via PM with a link to this thread is fine if you don't want to list publicly).

Log in to reply