/usr/local/etc/bogonsv6 too big

[ekke]

https://www.dropbox.com/s/7tswaldhlmkdgyg/opnsense.PNG?dl=0

ll /usr/local/etc/bogonsv6
-rw-r--r--  1 root  wheel  1492763 Jan 30 23:09 /usr/local/etc/bogonsv6

I get a error when OPNSense tries to load this list. for now I have commented it out.

[phoenix]

I can't imagine why it's that large, mine isn't:

ll /usr/local/etc/bogonsv6
-rw-r--r--  1 root  wheel  860 Feb  1 11:58 /usr/local/etc/bogonsv6

Perhaps your is a hangover from the last release of OPNsense that you had installed or is this a clean install?

[franco]

It's normally over 1 MB once updated. The small file is the bootstrap file we ship with the core package.

If bogons are too big, you will have to disable them. Never heard of it before, half-guessing it is due to your hardware... how much RAM do you have?


Cheers,
Franco

[marjohn56]

Here's mine for comparision

admin@gateway:~ % ll /usr/local/etc/bogonsv6
-rw-r--r--  1 root  wheel  1508542 Feb  1 03:16 /usr/local/etc/bogonsv6

[mausy5043]

I can't imagine why it's that large, mine isn't:

ll /usr/local/etc/bogonsv6
-rw-r--r--  1 root  wheel  860 Feb  1 11:58 /usr/local/etc/bogonsv6

There is a *really* well-hidden option in Firewall > Diagnostics > pfTables
The button in the top-right corner : [Update bogons]. When clicked it downloads the latest list of bogons. Which can be fairly large.

Code: [Select]

$ la /usr/local/etc/bogons*
-rw-r--r--  1 root  wheel    62572 Feb  7 16:44 /usr/local/etc/bogons
-rw-r--r--  1 root  wheel      132 Jan 29 13:12 /usr/local/etc/bogons.sample
-rw-r--r--  1 root  wheel  1514021 Feb  7 16:44 /usr/local/etc/bogonsv6
-rw-r--r--  1 root  wheel      860 Jan 29 13:12 /usr/local/etc/bogonsv6.sample

And looking at my logs I see nothing special.

Code: [Select]


Feb  7 16:43:45 gateway configd.py: [dc6fa705-7811-47fd-a2d1-9c4bbc11a04b] request content of pf bogons table
Feb  7 16:44:04 gateway configd.py: [b4dfd709-84b2-41da-bc55-e26c2bab476f] update bogons database
Feb  7 16:44:04 gateway root: rc.update_bogons is starting up
Feb  7 16:44:04 gateway root: rc.update_bogons is beginning the update cycle
Feb  7 16:44:05 gateway root: rc.update_bogons is ending the update cycle
Feb  7 16:44:05 gateway configd.py: [2edfb7f2-a740-488b-a2e4-0aee5e383c64] request content of pf bogons table
Feb  7 16:46:22 gateway configd.py: [3f82124c-4eca-4186-b412-d5e27172e084] request content of pf bogonsv6 table

I tend to agree with @franco that this might be a memory problem.

[phoenix]

It's normally over 1 MB once updated. The small file is the bootstrap file we ship with the core package.

My mistake.  Doesn't that file get updated automatically? I always assumed that was the case, I've just updated it manually via the helpful hint from mausy5043 and it's now the 1.5MB size.

[franco]

Bill, do you have IPv6 turned off under Firewall: Settings: Advanced?


Cheers,
Franco

[phoenix]

Hi Franco

Yes, IPv6 is enabled and has been since I went to fibre in August last year.

[franco]

Hmm, and do you set "block bogons" anywhere in your interfaces?

Also in your system log do you see "Not saving IPv6 bogons table (IPv6 Allow is off and table-entries limit is potentially too low" ?


Cheers,
Franco

[ekke]

It's normally over 1 MB once updated. The small file is the bootstrap file we ship with the core package.

If bogons are too big, you will have to disable them. Never heard of it before, half-guessing it is due to your hardware... how much RAM do you have?


Cheers,
Franco

xeon 1230v3 8GB RAM

[phoenix]

Hmm, and do you set "block bogons" anywhere in your interfaces?

Yes, it's set on the WAN interface only and nowhere else.

Also in your system log do you see "Not saving IPv6 bogons table (IPv6 Allow is off and table-entries limit is potentially too low" ?

Nothing except the fact I started the update and the file did get updated.

[franco]

Weird, but out of ideas.

[phoenix]

Weird, but out of ideas.

No worries, I didn't miss it when it wasn't running.

[Ren]

i had the same issue after updating last night. I ended up bumping the Firewall Maximum Table Entries to 500,000 and rebooting. I can spare 500MB of RAM for this.

[marjohn56]

Perhaps why I have never had the issue, my FW Max Entries was already set to 1 Million. Plenty of RAM to play with.