Can't Remove / Re-install Snort
-
08-14-14 14:19:01 [ There were error(s) loading the rules: /tmp/rules.debug:24: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [24]: table persist file /etc/bogonsv6]
This error is related to the Max Table Entry Size in pfSense.
You can increase the size of the table in:
System:Advanced:Firewall/NAT: Firewall Maximum Table Entries
Maximum number of table entries for systems such as aliases, sshlockout, snort, etc, combined. Note: Leave this blank for the default.
That may fix that particular error, but with only 256 MB of RAM more troubles will likely follow if you use Snort or Suricata or other memory-intensive packages.
Bill
-
That may fix that particular error, but with only 256 MB of RAM more troubles will likely follow if you use Snort or Suricata or other memory-intensive packages.
Yes that is a definite issue…. Need atleast 3-4GB at minimum....
-
I have sorted the hardware issue for now. I exported the config from the Alix, created a new pfSense VM and imported the config. The difference is night and day, it is so much faster working with the GUI and adding or removing packages.
I still seem to have one lingering problem though. Some websites still seem to be blocked, or, certain elements of the page are blocked (such as banner adds etc) even though Snort is removed.
My question now is; what is the config file that holds the list of IP's being blocked and where is it located. I want to flush this out so I can start Snort from scratch.
-
There is a table called "Snort2c" which you can see in Diagnostics:Tables
If the file is there, you can open it and click the "all" icon at the bottom to clear it.
If Snort is installed, you can clear the table by going to the Snort:Blocked Tab and hitting the "Clear" Icon.
