Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
17.1 Legacy Series
»
[SOLVED] GeoIP Alias: Cannot allocate memory error
« previous
next »
Print
Pages: [
1
]
Author
Topic: [SOLVED] GeoIP Alias: Cannot allocate memory error (Read 8764 times)
camelot
Newbie
Posts: 3
Karma: 1
[SOLVED] GeoIP Alias: Cannot allocate memory error
«
on:
February 13, 2017, 01:49:59 am »
I created a few aliases of the GeoIP type for use in my LAN firewall rules. One alias includes the United States country. I receive an error message when the filter is reloaded and also when the firewall is booted:
"There were error(s) loading the rules: /tmp/rules.debug:23: cannot define table North_America: Cannot allocate memory - The line in question reads [23]: table <North_America> persist file "/var/db/aliastables/North_America.txt"
There is plenty of memory in the system: Per the dashboard:
Memory Usage: 3% (298/8065 MB)
Here's what I've tried so far:
1) Deleted and re-created the alias. No change in results.
2) Removed this alias and the associated firewall rule. I then receive a similar error message for another alias: "There were error(s) loading the rules: /tmp/rules.debug:27: cannot define table Western_Europe: Cannot allocate memory - The line in question reads [27]: table <Western_Europe> persist file "/var/db/aliastables/Western_Europe.txt".
3) Removed the underscore in the alias names, based on a forum posting found for this issue in an older version of OPNsense. It did not make a difference in the results.
Additional details:
- OPNsense 17.1.1 (up to date)
- Physical installation, not virtual. Hardware is dedicated to OPNsense.
- Very basic firewall rule set: I have just replaced the default LAN interface rule "Allow all from LAN net to any destination" with a few "Allow all from LAN net to " these few GeoIP aliases.
- IPS is not enabled
- Despite the error messages, traffic is flowing. I do not know if
some
of the GeoIP addresses may not have been loaded though.
Please let me know if more information is needed to help troubleshoot and correct this error. While I am new to OPNsense and BSD, I am very comfortable working in a Linux console and happy to learn.
Thanks for your help.
«
Last Edit: February 13, 2017, 07:31:37 pm by camelot
»
Logged
camelot
Newbie
Posts: 3
Karma: 1
Re: GeoIP Alias: Cannot allocate memory error
«
Reply #1 on:
February 13, 2017, 05:03:16 am »
A few more details --
Here are the sizes of the alias definition files in /var/db/aliastables/, according to wc:
FILE LINES BYTES COMMENT
North_America.txt: 62254 996735 Contains US and Canada
Western_Europe.txt: 82986 1348055 Contains multiple countries
Not sure if this is relevant --
The file /tmp/rules.limits includes these lines:
set limit states 806000
set limit src-nodes 806000
Logged
camelot
Newbie
Posts: 3
Karma: 1
Re: GeoIP Alias: Cannot allocate memory error
«
Reply #2 on:
February 13, 2017, 07:31:04 pm »
There is a default limit to the number of entries allowed in the firewall table. Fortunately this setting can be easily changed in the GUI --
Firewall > Settings > Advanced > Firewall Maximum Table Entries
Information message: Maximum number of table entries for systems such as aliases, sshlockout, snort, etc, combined.
Note: Leave this blank for the default. On your system the default size is: 200000
I increased this setting to 1000000, given that I have lots of RAM in this system. Now I no longer receive the error messages. Memory usage increased a small amount (to 306 MB), still just 3% of total.
Off topic: As this is my first topic posted on the forum, I want to say thank you to the OPNsense team for their great work.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
17.1 Legacy Series
»
[SOLVED] GeoIP Alias: Cannot allocate memory error