PfBlocker Fatal error!



  • so I added a new IP to my white list in pfBlocker this morning and I got this.

    • Fatal error: Allowed memory size of X bytes exhausted (tried to allocate Z bytes)  in /usr/local/pkg/pfblocker.inc on line 253 -

    X being a large variable (9 digits). Z being a small variable (2 digits).

    and now nothing is being blocked by pfBlocker as it will not turn on.
    I have done a bit of searching and everything about this error and the error had fixes that have been updated already, (like changing files to use 510 memory instead of 256 or 128) or people just haven't been having this issue as of late, Google was no help and searching these forums didn't show many results which none of them would work.

    so I'm a bit confused because nothing has changed as I'm using the same lists that I have always used and have made no changes to any preferences, I have never had this problem before.
    someone help me please, I feel partially naked and exposed without my lists!


  • Moderator

    Hi mint64,

    How much memory do you have on this box? If you look at the Status:Dashboard, how is the memory, CPU usage, etc.?

    For the IP that you added to the Whitelist, what was the format that you used? Can you post the contents?

    When you say "pfBlocker whitelist" what does that mean? It should just be an "alias" that is added to the Interface Firewall rules that allows the traffic to pass and should be at the top of the Rules list.

    Did you try to delete the newly added whitelist IP address?

    How are you using pfBlocker? Aliases or are you using the defined policies in pfBlocker?



  • Before I begin, thanks for the help.

    How much memory do you have on this box?
    the pfsense box has 6gigs of ram @.@ it's my old gaming machine that sadly became outdated for today's games and had to be retired.

    For the IP that you added to the Whitelist, what was the format that you used? Can you post the contents?
    for white listing IPs I have a list at the top of my list of lists on the pfBlocker tab that has no url, at the bottom box in the custom field I add single IPs and ranges in CIDR format. it's just a few IPs, nothing special.

    When you say "pfBlocker whitelist" what does that mean?
    permit_outbound list

    It should just be an "alias" that is added to the Interface Firewall rules that allows the traffic to pass and should be at the top of the Rules list.
    aliases confuse me a little and firewall rules get pushed to the bottom so this is what I came up with.

    Did you try to delete the newly added whitelist IP address?
    yup. I even tried trimming down the lists some but nothing changed.

    How are you using pfBlocker? Aliases or are you using the defined policies in pfBlocker?
    Can you elaborate? I'm not sure what you're asking, sorry  :-\

    edit: the machine I'm using with the pfsense box with is basically performing wonderfully right now, besides not having pfBlocker running, no other packages, basically it's overpowered for a router but under-powered for gaming. and I'm using block lists from a well known website.


  • Moderator

    Looks like you have enough memory but can you check to see on the Diagnostic pages if it's being fully utilized? On the main status page it will show "Memory Usage".

    For the IP that you added to the Whitelist, what was the format that you used? Can you post the contents?
    for white listing IPs I have a list at the top of my list of lists on the pfBlocker tab that has no url, at the bottom box in the custom field I add single IPs and ranges in CIDR format. it's just a few IPs, nothing special.

    For the "Permit Outbound" List can you post what IPs or CIDR ranges you used? Maybe it's in a bad format that is causing this issue? It needs to be one per line.

    Another option for Whitelisting is to use an "Alias".

    Go to "Firewall:Alias" and click the "+" icon to add a new alias. For the type select "Host" if you want to use single IP addresses, or select "Network" to use IPs or ranges. For a single IP select "32". Then add all of your safe whitelisted IPs here.

    Go to "Firewall:Rules" for the Interface that you want to assign a whitelist, and add a new Rule.

    Pass, Source (select the newly created Alias) and leave the rest as default settings. You can customize to your network.

    Pass rules should be listed above Block rules.

    You can use pfBlocker with the way you are using it with the Defined Policies (Permit, Deny etc), or the other Option is to select all of the Lists as "Aliases". pfBlocker will create an alias automatically and you can add rules on each interface which can give you more fine tuning ability.

    This is not related to your issue, but just a comment.

    Another option is to disable pfBlocker and reboot, then re-enable. But post the contents of the Whitelist which might shed some more light on the issue.
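
The format check the moderator asks for above (one entry per line, single IPs or CIDR ranges) can be run offline before pasting a custom list into the package. This Python script is an added example, not part of the thread and not pfBlocker's own code; the function name `check_list`, the `#` comment handling and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of a custom whitelist box (documentation address ranges).
SAMPLE = """\
192.0.2.10
198.51.100.0/24
203.0.113.5, 203.0.113.6
198.51.100.77/24
192.0.2.300
# office VPN

192.0.2.10/32
"""

def check_list(text):
    """Return (networks, problems) for a one-entry-per-line IP/CIDR list."""
    networks, problems, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if not entry:
            continue  # blank or comment-only line
        if len(entry.replace(",", " ").split()) > 1:
            problems.append((lineno, raw, "more than one entry on the line"))
            continue
        try:
            # A bare IP becomes a /32 (or /128); strict=True rejects a CIDR
            # entry whose host bits are set, e.g. 198.51.100.77/24.
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError as exc:
            problems.append((lineno, raw, str(exc)))
            continue
        if net in seen:
            problems.append((lineno, raw, "duplicate of an earlier entry"))
            continue
        seen.add(net)
        networks.append(net)
    return networks, problems

if __name__ == "__main__":
    nets, probs = check_list(SAMPLE)
    for net in nets:
        print("ok   ", net)
    for lineno, raw, why in probs:
        print(f"line {lineno}: {raw!r}: {why}")
```
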



  • it's registering all 6k MB

    not sure why the list is relevant but here it is:

    edit: removed but it wasn't the list.



  • I rolled back from 2.1.3 to 2.1.2 and it fixed the issue I was having, then updated to 2.1.3 again and it works!

