
pfSense Cannot allocate memory with pfBlockerNG – Firewall Rules Not Working

This article discusses the cause of and solution to the error message “Cannot allocate memory” relating to pfBlockerNG. In this scenario, we’re using a Netgate 2100 Base firewall appliance. The firewall was reporting the following error message when reloading the filter rules (in “Status – Filter Reload”):

There were error(s) loading the rules: /tmp/rules.debug:36: cannot define table pfB_Top_v4: Cannot allocate memory - The line in question reads [36]: table <pfB_Top_v4> persist file "/var/db/aliastables/pfB_Top_v4.txt"

The issue was noticed when changes were made to the firewall’s firewall rules (mouthful) configuration. New rules were not applying. I.e., we added rules to block a connection but the change didn’t take effect. We noticed randomness in what was and was not working.

We started by removing bulk (GeoIP) rules by continent. That was working to some extent, but was not a real solution. We increased the “Firewall Maximum Table Entries” in “System – Advanced – Firewall & NAT”. We added two zeros and saved that. We then reloaded the filters in “Status – Filter Reload” and the error message was no longer present.

So the issue would likely be that the maximum number of rules was exceeded. I’ll revisit this in the future because I have my doubts and would like to compare this firewall appliance to another, but for now this worked.
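
To see how close the alias tables are to the limit before and after raising “Firewall Maximum Table Entries”, the following added example (not part of the original article) counts the entries in each table file and compares the total with the `table-entries` limit reported by `pfctl -sm`. The sample files, the sample limit, the name `pfB_Top_v6` and the headroom factor of 2 are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: size pf alias tables against the table-entries limit.

# Count entries in one table file, skipping blank lines and # comments.
count_entries() {
    grep -Ecv '^[[:space:]]*(#|$)' "$1" || true
}

# List "count name" for every *.txt table file, largest first.
per_table() {
    for f in "$1"/*.txt; do
        [ -f "$f" ] || continue
        echo "$(count_entries "$f") $(basename "$f" .txt)"
    done | sort -rn
}

# Sum the entries of all table files in a directory.
total_entries() {
    per_table "$1" | awk '{ sum += $1 } END { print sum + 0 }'
}

# Read `pfctl -sm` output on stdin and print the table-entries hard limit.
parse_limit() {
    awk '$1 == "table-entries" { print $NF }'
}

# Report OK/OVER. factor is assumed headroom (default 2), not a page value.
check_tables() {
    dir=$1; limit=$2; factor=${3:-2}
    need=$(( $(total_entries "$dir") * factor ))
    if [ "$need" -gt "$limit" ]; then
        echo "OVER need=$need limit=$limit"
    else
        echo "OK need=$need limit=$limit"
    fi
}

# Constructed sample data so the example also runs off the firewall.
demo=$(mktemp -d)
printf '192.0.2.0/24\n198.51.100.0/24\n# feed comment\n\n203.0.113.7\n' > "$demo/pfB_Top_v4.txt"
printf '2001:db8::/32\n' > "$demo/pfB_Top_v6.txt"
sample_limits='states        hard limit   100000
table-entries hard limit        6'
limit=$(printf '%s\n' "$sample_limits" | parse_limit)
per_table "$demo"
check_tables "$demo" "$limit"
```

On the firewall itself, the equivalent call is `check_tables /var/db/aliastables "$(pfctl -sm | parse_limit)"`, and `per_table /var/db/aliastables` shows which feeds contribute the most entries.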
