Changing a LAN rule causing errors



  • I am seeing a lot of this lately between builds; not sure if this has come up for others yet. It can knock me offline either completely or partially, i.e. no new connections outbound.

    09-03-13 10:51:45 [ There were error(s) loading the rules: /tmp/rules.debug:24: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [24]: table persist file /etc/bogonsv6]

    Any thoughts?

    2.1-RC1 (i386)
    built on Fri Aug 30 13:39:32 EDT 2013
    FreeBSD 8.3-RELEASE-p10

    Update available. Click Here to view update.
    Platform nanobsd (4g)
    NanoBSD Boot Slice pfsense0 / ad0s1 (ro)
    CPU Type Geode(TM) Integrated Processor by AMD PCS
    Uptime 3 Days 18 Hours 40 Minutes 27 Seconds
    Current date/time
    Tue Sep 3 19:38:27 EDT 2013

    Also, since I upgraded to this recent release, my IPv6 gateway was configured to the wrong interface. I had to delete the default IPv6 gateway and add the proper one myself, which will be fine till I either reboot or have to reconnect again to my ISP, who uses IPv6CP to set up the IPv6 stuff.



  • Do you have low resources on the box?


  • Yeah, thoughts are to NOT use the bogonv6 thing at all. Way too huge for Alix.



  • I put a few checks for that in the code a while ago. From my memory, if you do NOT have "Block bogon networks" selected on any interface, then it does NOT implement the bogonsv6 table into pf. And, if System, Advanced, Networking, Allow IPv6 is unchecked, then it also does NOT implement the bogonsv6 table into pf.
    Of course, if you are using IPv6 and want to block bogons, then you get the table. It is huge and I guess that's the way it is, what to do? On 256MB (Alix…) it is 1 more thing that uses up your memory.


  • @phil.davis:

    It is huge and I guess that's the way it is, what to do? On 256MB (Alix…) it is 1 more thing that uses up your memory.

    Pretty much nothing to do… I'd like to have the bogonsv6 thing split from the v4 ones if anything (as in, split checkbox in the GUI would make sense on nanobsd at least.)

    Anyway, I created a custom IPv4 bogons list in pfBlocker (alias only, http://files.pfsense.org/lists/fullbogons-ipv4.txt), using it where I need, the bogons checkbox unchecked, problem solved. (AFAIK there still is the insane 8000::/1 entry in there, which includes the link-local addresses and is causing bugs mentioned on other threads.)



  • Thanks everyone
    Seems like it'd be easier to just disable it on my two outgoing interfaces. According to the dashboard it is sitting at 81% memory used now with that feature on.

