That alert is coming from the built-in QUIC-events rules that ship with the Suricata binary.

The events rules are simply informational in nature and don't indicate any malware or other compromise. I suggest disabling that rule or else using the "suppress by SID" feature on the ALERTS tab to prevent the alert the resulting block of a host.

@stephenw10 said in Congestion control choose (BBR2, QUICK, RACK, CDG) for music streaming:

Unless you're streaming music from or on pfSense itself (which you shouldn't be!) then it makes no difference what pfSense is using for those.

Of course, streaming are from separate servers set.

The only exceptions to that might be if you're proxying the traffic in pfSense or perhaps routing the stream over a TCP VPN.

In this moment - stream traffic not proxying.

Additionally most streaming is UDP anyway.

Let me correct You: more and more services nowadays using TCP and QUICK.

But:
——
For instance, Netflix and Amazon Prime use TCP as transport layer protocol, while YouTube has adopted both UDP and TCP protocols.
——

Is any news about enabling QUIC in pfSense CE at the end of 2023?

Because around 90% of traffic in the world come to/from mobile gadgets, but we still using old congestion protocols in pfSense (even QUIC available in FreeBSD in that pfSense based, since several years…)