PFsense 2.4.3 There were error(s) loading the rules: /tmp/rules.debug:18: cannot define table bogonsv6: Cannot allocate memory – The line in question read

Increase the Firewall Maximum Table Entries size to 400000 in System > Advanced, Firewall & NAT


Free DNS providers

Google Private and unfiltered. Most popular option.
CloudFlare Private and unfiltered. New player.
Quad9 Private and security aware. New player that blocks access to malicious domains.
OpenDNS Old player that blocks malicious domains and offers the option to block adult content.
Norton DNS Old player that blocks malicious domains and is integrated with their Antivirus.
CleanBrowsing Private and security aware. New player that blocks access to adult content.
Yandex DNS Old player that blocks malicious domains. Very popular in Russia.
Comodo DNS Old player that blocks malicious domains.

Virtualizing pfSense on Proxmox (4 and 5)


  • Proxmox host is up and running
  • Host has at least two network interfaces available for WAN and LAN.
  • you have already upload pfSense image to the host

Basic Proxmox networking

In order to virtualize pfSense we first need to create two Linux Bridges on Proxmox, which will be used for LAN and WAN. Select your host from the server view, navigate to System > Network. We will be using eth1 and eth2 interfaces for pfSense, while eth0 is for Proxmox management.

Screen Shot 2017-06-17 at 23.19.20.png

Click on create and select Linux Bridge. Under Bridge ports enter eth1.

Screen Shot 2017-06-17 at 23.19.59.png

Repeat the process to add another Linux Bridge, this time add eth2 under Bridge ports.

Screen Shot 2017-06-17 at 23.20.13.png

Proxmox Networking should now display two Linux bridges like on the following screenshot. WARNING: Proxmox requires reboot if the interfaces are not marked Active.

Screen Shot 2017-06-17 at 23.23.59.png

Creating pfSense virtual machine

After creating WAN and LAN Linux bridges, now we proceed to create a new virtual machine. Click on Create VM from the top right section and new virtual machine wizard will appear. Under General tab, add a name to your pfSense VM.

Screen Shot 2017-06-17 at 23.28.02.png

Under OS tab select Other OS types and click next.

Screen Shot 2017-06-17 at 23.28.08.png

On CD/DVD tab select local storage and under ISO image find the previously uploaded pfSense ISO.

Screen Shot 2017-06-17 at 23.28.15.png

On the next tab, select VirtIO under Bus/Device and enter disk size you need.

Screen Shot 2017-06-17 at 23.28.31.png

On the CPU tab select a single socket and add one or more cores. Confirm CPU type is Default (kvm64).

Screen Shot 2017-06-17 at 23.28.56.png

Under Memory tab add at least 1024 MB. Use fixed size memory.

Screen Shot 2017-06-17 at 23.29.17.png

On the Network tab select Bridged mode and vmbr1. Make sure VirtIO (paravirtualized) is selected under Model.

Screen Shot 2017-06-17 at 23.29.29.png

Finally confirm the settings and wait for the VM to be created. Select your newly created virtual machine from the server view sidebar.

Screen Shot 2017-06-17 at 23.29.46.png

While the pfSense virtual machine is selected, click on Hardware settings and add another network device. Under Bridge enter vmbr2 and select VirtIO (paravirtualized) under Model.

Screen Shot 2017-06-30 at 18.23.47.png

Confirm your virtual machine has two network interfaces now.

Screen Shot 2017-06-17 at 23.30.05.png

Starting and configuring the pfSense virtual machine

After creating a new virtual machine and adding network interfaces, it’s time to start the virtual machine. If everything was done correctly, you can see pfSense booting up from the Console window

Screen Shot 2017-06-17 at 23.30.32.png

pfSense will prompt you to select boot mode, press I to launch the installer.

Screen Shot 2017-06-17 at 23.31.06.png

When pfSense setup boots up, follow the installation steps as you would on a physical device. Simply run Quick/Easy setup and wait for it to complete. When prompted, select standard kernel. Click reboot to complete the installation. Make sure you remove the .ISO from the virtual CD/DVD media.

Screen Shot 2017-06-17 at 23.41.38.png

After pfSense virtual machine reboots you will be greeted by interfaces assignment wizard. We will not set be setting up VLAN’s now, so press N and confirm

Screen Shot 2017-06-17 at 23.44.04.png

On the following steps assign the WAN and LAN interfaces. For the purpose of this guide, we have assigned vtnet0 to WAN and vtnet1 to LAN.

Screen Shot 2017-06-17 at 23.44.18.png

After interfaces have been assigned, pfSense will complete the boot.

Screen Shot 2017-06-18 at 00.01.41.png

Configuring pfSense to work with Proxmox VirtIO

After the pfSense installation and interfaces assignment is complete, connect to the assigned LAN port from another computer.

WARNING: because the hardware checksum offload is not yet disabled, accessing pfSense WebGUI might be sluggish. This is NORMAL and is fixed in the following step.

To disable hardware checksum offload, navigate under System > Advanced and select Networking tab. Under Networking Interfaces section check the Disable hardware checksum offload and click save. Reboot will be required after this step.

Screen Shot 2017-06-30 at 18.51.25.png

Congratulations, the pfSense virtual machine installation and configuration on Proxmox is now complete.



If you’re still using old release (Ubuntu < 12.04) and still want to get updates using apt-get

deb oneiric main
deb-src oneiric main
deb oneiric-updates main
deb-src oneiric-updates main
deb oneiric universe
deb-src oneiric universe
deb oneiric-updates universe
deb-src oneiric-updates universe
deb oneiric-security main
deb-src oneiric-security main
deb oneiric-security universe
deb-src oneiric-security universe

Proxmox VE differential backups


Proxmox VE is a complete virtualization management solution for servers. You can virtualize even the most demanding application workloads running on Linux and Windows Servers. Checkout their page:

Due to lack of better backup functionality I prepared patches to support differential backups in Proxmox VE. These patches are in use for over a year.

Currently supported versions are 3.4, 4.1, 4.2, 4.3, 4.4, 5.0.

What are differential backups?

According to Wikipedia:

A differential backup is a type of data backup that preserves data saving only the difference in the data since the last full backup. (…) Another advantage, at least as compared to the incremental backup method of data backup, is that at data restoration time, at most two backup media are ever needed to restore all the data. This simplifies data restores as well as increases the likelihood of shortening data restoration time.

What my patches do?

My patches extends vzdump, xdelta3 and Web-GUI support. And yes, these patches fully support OpenVZ and KVM.

System administrator can use one additional parameter in Backup Jobs (Datacenter -> Backup -> Add/Edit) the Full Backup Every:

  • By default this value is set to 0. Which simply means: use old behavior (always create full backups).
  • But if you specify value larger than 0, for example 7. It will instruct the vzdump to create full backup once a week and use differentials for the rest.

Please consider the following example:

    vzdump 101 --remove 0 --mode snapshot --compress lzo --storage local --node hvm --fullbackup 4

It will create full backup of VM101 every 4 days, compressed using lzo, stored on local storage.

How to install?

There are three files:

    c760d7481beae8dba3c62f1d95c6fbde  pve-2.2-diff-backup-addon
    42c1a0f34eca9ac23de83523db00f6c5  pve-2.3-diff-backup-addon
    1292670afa84914aac4ebda59d2a7122  pve-3.0-diff-backup-addon
    cd68c203bb1804105a3b4acd52382f6d  pve-3.1-diff-backup-addon
    67fb4d2b397759fb83066ae93cc07b78  pve-3.2-diff-backup-addon
    3e095bd0ed5744a545016018e235fa27  pve-3.3-diff-backup-addon
    350ed7844a5802ca114a6b60e0b013dc  pve-3.4-diff-backup-addon
    e33ef0b546fb16baacc4baed57af20d2  pve-3.4-14-diff-backup-addon
    1657dbc46d9f8b379896a9c0a7dffc3e  pve-4.0-diff-backup-addon
    e5701606733fb10dc117ff2b008da11b  pve-4.1-diff-backup-addon
    9fd8b3cb99283e55b00d694ce633b723  pve-4.1-22-diff-backup-addon
    300b07f7837200b9cc281aff06105991  pve-4.2-diff-backup-addon
    05c8520f87443a8902faa3b24d25735f  pve-4.2-17-diff-backup-addon
    c9fc4aeb2e42d1d78f54c8e7b007fc3d  pve-4.3-diff-backup-addon
    3991a5773e1d85503513889eaf04910c  pve-4.4-diff-backup-addon
    6646d0bc79a70beeca482dcf5354d021  pve-4.4-13-diff-backup-addon
    cc07c340b4dbfcf00e9d216a2f8f8466  pve-5.0-diff-backup-addon

The installation procedure is fairly simple:

  1. Logged as root download:For PVE 2.2 (deprecated):

    For PVE 2.3 (deprecated):


    For PVE 3.0 (deprecated):


    For PVE 3.1 (deprecated):


    For PVE 3.2 (deprecated):


    For PVE 3.3 (deprecated):


    For PVE 3.4 (deprecated):


    For PVE 4.0 (deprecated):


    For PVE 4.1 (deprecated):


    For PVE 4.1-22 (compatible with 4.1-22 and newer) (deprecated):


    For PVE 4.2 (deprecated):


    For PVE 3.4-14 (compatible with 3.4-14 and newer) (deprecated):


    For PVE 4.2-17 (compatible with 4.2-17 and newer) (deprecated):


    For PVE 4.3 (deprecated):


    For PVE 4.4 (deprecated):


    For PVE 4.4-13 (compatible with 4.4-13 and newer) (stable):


    For PVE 5.0 (stable):

  2. Execute bash script. The script contains all needed patches:
    bash pve-4.4-diff-backup-addon apply
  3. When everything went right, you’ll see:
    Proxmox VE 5.0 - differential backup support
    Kamil Trzcinski,,
    PATCHED: /usr/share/pve-manager/
    PATCHED: /usr/share/perl5/PVE/
    Restarting PVE API Proxy Server: pveproxy.
    Restarting PVE Daemon: pvedaemon.
  4. Download and install xdelta3. If you want to use LZOP compressor, you have to download my xdelta3 compilation.
    dpkg -i pve-xdelta3_3.0.6-1_amd64.deb

    However, if you paranoid about installing untrusted applications you can compile the package yourself. All the sources can be found here: pve-xdelta3-master.tar.bz2

    Previous release of xdelta was 3.0.5. Please update to the newer one: 3.0.6.

And what about uninstall?

The procedure is simpler than installation. Type in the bash:

    bash pve-5.0-diff-backup-addon revert

After a while, you’ll see:

    Proxmox VE 5.0 - differential backup support
    Kamil Trzcinski,,

    RESTORED: /usr/share/pve-manager/
    RESTORED: /usr/share/perl5/PVE/

    Restarting PVE API Proxy Server: pveproxy.
    Restarting PVE Daemon: pvedaemon.


This is important part. If you will ever want to upgrade your Proxmox installation (by apt-get dist-upgrade or apt-get upgrade) ALWAYS revert/uninstall patches. You will still be able to apply them afterwards.

How to apply new patch version?

  • Use previous patch to revert changes.
  • Download new patch version and apply as described before.

The results

The results are really astonishing! These are real word values:

    VM   full      diff 1day   diff 2days   diff 3days    diff 4days
    1.   39.10GB   41MB        47MB         51MB          55MB
    2.   96.84GB   1.07GB      1.38GB       1.43GB        1.68GB
    3.   83.95GB   1.68GB      2.66GB       3.69GB        4.25GB
    4.   9.19GB    76KB        76KB         166MB         198MB

You see the differences. The diff sizes strictly depends on the use of the VMs. Using differential backups I have backups from last month (full backup once a week, differential daily)

Why this is not upstream?

I tried to push the changes upstream. They were rejected by Dietmar:

We removed that feature 3 years ago. I have no plans to re-add that. We want to keep vzdump a simple tool.

But I thought that it would be really shame if I wouldn’t go public with this.

Is it stable?

Yes, it is. This extensions uses xdelta3 as differential backup tool, which proven to be well tested and stable. I use it for about 9 months on 4 different Proxmox based servers. No problems so far.

However, if you happen to be paranoidal about backups… You should consider running following script. The script simply tries to verify all differential backups. I recently updated the script to support new VMA archive. So now you can verify backups all supported backups.

    chmod +x pve-verify-backups
    ./pve-verify-backups <backup-dir>


In case of any problems applying or reverting patches you can always simple revert back to stock. Simply reinstall modified packages:

    apt-get --reinstall install pve-manager qemu-server libpve-storage-perl

Then you can try to reapply patches once again.

In order to remove all leftovers you have to edit /etc/pve/vzdump.cron and remove fullbackup switch from vzdump command line.


  • v1: initial public release with support for PVE2.2 and PVE2.3 (2013-03-05)
  • v2: improved kvm backup size and speed for PVE2.3 (2013-03-08)
  • v3: added support for PVE3.0 (2013-06-02)
  • v3′: updated pve-verify-backups to support VMA archives (2013-06-06)
  • v3”: updated patches to support PVE3.1 (2013-08-24)
  • v3”: updated xdelta3 to 3.0.6. More info about changes: (2013-08-24)
  • v3”: updated patches to support PVE3.2 (2014-03-15)
  • v3”: added FAQ (2014-04-30)
  • v3”: updated patches to support PVE3.3 (2014-09-23)
  • v3”: updated patches to support PVE3.4 (2015-02-26)
  • v3”: updated patches to support PVE4.0 (2015-11-07)
  • v3”: updated patches to support PVE4.1 (2016-01-22)
  • v3”: updated patches to support PVE4.1-22 (2016-04-13)
  • v3”: updated patches to support PVE4.2 (2016-05-02)
  • v3”: updated patches to support PVE3.4-14 (2016-08-02)
  • v3”: updated patches to support PVE4.2-17 (2016-08-02)
  • v3”: updated patches to support PVE4.3 (2016-10-24)
  • v3”: updated patches to support PVE4.4 (2017-01-23)
  • v3”: updated patches to support PVE4.4-13 (2017-04-10)
  • v3”: updated patches to support PVE5.0 (2017-07-20)

Detailed list of changes

  1. pve-xdelta3:
  2. vzdump:
    • added “fullbackup” option
  3. qmrestore and vzrestore:
    • added support for differential backups
  4. PVE.dc.BackupEdit:
    • added controls for maxfiles and fullbackup

Proxmox Free Community upgrade from 4.4 to 5.x version

01. /etc/apt/sources.list
deb jessie main contrib

# PVE pve-no-subscription repository provided by,
# NOT recommended for production use
deb jessie pve-no-subscription

# security updates
deb jessie/updates main contrib

02. mv /etc/apt/sources.list.d/pve-enterprise.list /home

03. apt-get update

04. apt-get dist-upgrade

05. reboot

06. Virtual Environment 4.4-18/ef2610e8

07. /etc/apt/sources.list
deb stretch main contrib

# PVE pve-no-subscription repository provided by,
# NOT recommended for production use
deb stretch pve-no-subscription

# security updates
deb stretch/updates main contrib

08. apt-get update

09. apt-get dist-upgrade

10. reboot

11. Virtual Environment 5.0-32/2560e073


How to Install KeePass in Linux Mint / Ubuntu

Technically, we can install KeePass through Ubuntu Software…

…or the Linux Mint Software Manager.

However, if we install KeePass through these channels, we won’t be getting the very latest version. And where’s the fun in that?

Add the KeePass repository

For the latest and greatest KeePass installation on Linux, we must add a repository. We just need to fire up a terminal, with Ctrl+Alt+T, and type:

sudo apt-add-repository ppa:jtaylor/keepass -y

Just a reminder for Linux newcomers, when we use the “sudo” command, and we enter our password, nothing will show as we type, no stars or dots or anything. We just enter the password and hit Enter.

For more information about Linux terminal commands, check out our guide:

After successfully adding the repository, we need to do an update with:

sudo apt-get update

Install KeePass

Once the update is done, and we had no error messages, we type the following command to install KeePass:

sudo apt-get install keepass2 -y

Once we finish with the installation, we will find KeePass at the Mint menu, in the Accessories section.

In Ubuntu, we just need to search for it on the Dash.


Back to top