Netgate Discussion Forum

    Suricata Inline Mode Not Blocking

      iamnos

      Hi folks,
      I've done a careful read through of this post:
      https://forum.netgate.com/topic/138613/configuring-pfsense-netmap-for-suricata-inline-ips-mode-on-em-igb-interfaces

      What I'm trying to do is have pfSense and Suricata act as a transparent firewall/IPS/IDS. I'm using an APU2D4 (Intel Pro 1000 NICs). When I put Suricata on the bridge interface, I get no alerts. If I put Suricata on the WAN interface, I get alerts, even saying they've dropped the packet, but it still gets through.

      The test I've been doing from pfSense is:
      curl http://testmyids.com.

      I have the rule set to block, and when doing the curl request, Suricata logs:

      03/07/2019-10:44:13.570305  [Drop] [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 217.160.0.187:80 -> 192.168.45.198:54834
      

      However, curl is still getting the page contents. If I switch to legacy mode, it does block after the first connection.

      From that previous post, here are the diagnostics:

      ifconfig igb0
      igb0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
      	options=1000b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,NETMAP>
      	ether 00:0d:b9:4f:c4:18
      	hwaddr 00:0d:b9:4f:c4:18
      	inet6 fe80::20d:b9ff:fe4f:c418%igb0 prefixlen 64 scopeid 0x1 
      	inet 192.168.45.198 netmask 0xffffff00 broadcast 192.168.45.255 
      	nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
      	media: Ethernet autoselect (1000baseT <full-duplex>)
      	status: active
      
      sysctl -a | grep netmap
      device	netmap
      dev.netmap.ixl_rx_miss_bufs: 0
      dev.netmap.ixl_rx_miss: 0
      dev.netmap.iflib_rx_miss_bufs: 0
      dev.netmap.iflib_rx_miss: 0
      dev.netmap.iflib_crcstrip: 1
      dev.netmap.bridge_batch: 1024
      dev.netmap.default_pipes: 0
      dev.netmap.priv_buf_num: 4098
      dev.netmap.priv_buf_size: 2048
      dev.netmap.buf_curr_num: 163840
      dev.netmap.buf_num: 163840
      dev.netmap.buf_curr_size: 2048
      dev.netmap.buf_size: 2048
      dev.netmap.priv_ring_num: 4
      dev.netmap.priv_ring_size: 20480
      dev.netmap.ring_curr_num: 200
      dev.netmap.ring_num: 200
      dev.netmap.ring_curr_size: 36864
      dev.netmap.ring_size: 36864
      dev.netmap.priv_if_num: 1
      dev.netmap.priv_if_size: 1024
      dev.netmap.if_curr_num: 100
      dev.netmap.if_num: 100
      dev.netmap.if_curr_size: 1024
      dev.netmap.if_size: 1024
      dev.netmap.generic_rings: 1
      dev.netmap.generic_ringsize: 1024
      dev.netmap.generic_mit: 100000
      dev.netmap.admode: 0
      dev.netmap.fwd: 0
      dev.netmap.flags: 0
      dev.netmap.adaptive_io: 0
      dev.netmap.txsync_retry: 2
      dev.netmap.no_pendintr: 1
      dev.netmap.mitigate: 1
      dev.netmap.no_timestamp: 0
      dev.netmap.verbose: 0
      dev.netmap.ix_rx_miss_bufs: 0
      dev.netmap.ix_rx_miss: 0
      dev.netmap.ix_crcstrip: 0
      
      sysctl -a | grep msi
      hw.ixl.enable_msix: 1
      hw.sdhci.enable_msi: 1
      hw.puc.msi_disable: 0
      hw.pci.honor_msi_blacklist: 1
      hw.pci.msix_rewrite_table: 0
      hw.pci.enable_msix: 1
      hw.pci.enable_msi: 1
      hw.mfi.msi: 1
      hw.malo.pci.msi_disable: 0
      hw.ix.enable_msix: 1
      hw.igb.enable_msix: 1
      hw.em.enable_msix: 1
      hw.cxgb.msi_allowed: 2
      hw.bce.msi_enable: 1
      hw.aac.enable_msi: 1
      machdep.disable_msix_migration: 0
      
      sysctl -a | grep igb
      device	igb
      hw.igb.tx_process_limit: -1
      hw.igb.rx_process_limit: 100
      hw.igb.num_queues: 0
      hw.igb.header_split: 0
      hw.igb.max_interrupt_rate: 8000
      hw.igb.enable_msix: 1
      hw.igb.enable_aim: 1
      hw.igb.txd: 1024
      hw.igb.rxd: 1024
      
      sysctl -a | grep rss
      device	wlan_rssadapt
      hw.bxe.udp_rss: 0
      hw.ix.enable_rss: 1
      
      cat /var/log/system.log | grep netmap
      Mar  7 15:16:36 pfSense kernel: netmap: loaded module
      Mar  7 15:16:36 pfSense kernel: igb0: netmap queues/slots: TX 4/1024, RX 4/1024
      Mar  7 15:16:36 pfSense kernel: igb1: netmap queues/slots: TX 4/1024, RX 4/1024
      Mar  7 15:16:36 pfSense kernel: igb2: netmap queues/slots: TX 4/1024, RX 4/1024
      Mar  7 20:49:49 pfSense kernel: netmap: loaded module
      Mar  7 20:49:49 pfSense kernel: igb0: netmap queues/slots: TX 4/1024, RX 4/1024
      Mar  7 20:49:49 pfSense kernel: igb1: netmap queues/slots: TX 4/1024, RX 4/1024
      Mar  7 20:49:49 pfSense kernel: igb2: netmap queues/slots: TX 4/1024, RX 4/1024
      Mar  8 03:07:13 pfSense kernel: netmap: loaded module
      Mar  8 03:07:13 pfSense kernel: igb0: netmap queues/slots: TX 4/1024, RX 4/1024
      Mar  8 03:07:14 pfSense kernel: igb1: netmap queues/slots: TX 4/1024, RX 4/1024
      Mar  8 03:07:14 pfSense kernel: igb2: netmap queues/slots: TX 4/1024, RX 4/1024
      Mar  7 08:40:04 pfSense kernel: netmap: loaded module
      Mar  7 08:40:04 pfSense kernel: igb0: netmap queues/slots: TX 4/1024, RX 4/1024
      Mar  7 08:40:04 pfSense kernel: igb1: netmap queues/slots: TX 4/1024, RX 4/1024
      Mar  7 08:40:04 pfSense kernel: igb2: netmap queues/slots: TX 4/1024, RX 4/1024
      Mar  7 08:56:10 pfSense kernel: netmap: loaded module
      Mar  7 08:56:10 pfSense kernel: igb0: netmap queues/slots: TX 4/1024, RX 4/1024
      Mar  7 08:56:10 pfSense kernel: igb1: netmap queues/slots: TX 4/1024, RX 4/1024
      Mar  7 08:56:10 pfSense kernel: igb2: netmap queues/slots: TX 4/1024, RX 4/1024
      Mar  7 09:09:25 pfSense kernel: 565.540396 [ 760] generic_netmap_dtor       Restored native NA 0
      Mar  7 09:09:25 pfSense kernel: 565.567166 [ 760] generic_netmap_dtor       Restored native NA 0
      Mar  7 09:15:27 pfSense kernel: 927.025114 [ 760] generic_netmap_dtor       Restored native NA 0
      Mar  7 09:17:50 pfSense kernel: 070.415252 [ 760] generic_netmap_dtor       Restored native NA 0
      Mar  7 09:17:50 pfSense kernel: 070.444352 [ 760] generic_netmap_dtor       Restored native NA 0
      Mar  7 09:18:46 pfSense kernel: 126.218283 [ 760] generic_netmap_dtor       Restored native NA 0
      Mar  7 09:45:46 pfSense kernel: 746.263552 [ 760] generic_netmap_dtor       Restored native NA 0
      Mar  7 09:45:46 pfSense kernel: 746.290481 [ 760] generic_netmap_dtor       Restored native NA 0
      Mar  7 09:45:46 pfSense kernel: 746.703129 [ 760] generic_netmap_dtor       Restored native NA 0
      Mar  7 09:45:53 pfSense kernel: 753.723313 [ 760] generic_netmap_dtor       Restored native NA 0
      Mar  7 09:45:53 pfSense kernel: 753.750241 [ 760] generic_netmap_dtor       Restored native NA 0
      Mar  7 09:46:35 pfSense kernel: 795.391574 [ 760] generic_netmap_dtor       Restored native NA 0
      Mar  7 10:06:42 pfSense kernel: netmap: loaded module
      Mar  7 10:06:42 pfSense kernel: igb0: netmap queues/slots: TX 4/1024, RX 4/1024
      Mar  7 10:06:42 pfSense kernel: igb1: netmap queues/slots: TX 4/1024, RX 4/1024
      Mar  7 10:06:42 pfSense kernel: igb2: netmap queues/slots: TX 4/1024, RX 4/1024
      
      cat /var/log/system.log | grep sig
      Mar  7 15:17:46 pfSense syslogd: exiting on signal 15
      Mar  7 15:19:27 pfSense syslogd: exiting on signal 15
      Mar  7 20:50:27 pfSense syslogd: exiting on signal 15
      Mar  8 03:08:02 pfSense syslogd: exiting on signal 15
      Mar  7 08:38:12 pfSense syslogd: exiting on signal 15
      Mar  7 08:40:45 pfSense syslogd: exiting on signal 15
      Mar  7 08:56:11 pfSense syslogd: Logging subprocess 5511 (exec /usr/local/sbin/sshguard) exited due to signal 15.
      Mar  7 08:56:54 pfSense syslogd: exiting on signal 15
      Mar  7 10:05:06 pfSense syslogd: exiting on signal 15
      Mar  7 10:06:43 pfSense syslogd: Logging subprocess 7875 (exec /usr/local/sbin/sshguard) exited due to signal 15.
      Mar  7 10:07:26 pfSense syslogd: exiting on signal 15
      
      cat /var/log/suricata/suricata_*/suricata.log | grep -m 1 "signatures processed" 
      7/3/2019 -- 10:43:36 - <Info> -- 394 signatures processed. 0 are IP-only rules, 97 are inspecting packet payload, 182 inspect application layer, 102 are decoder event only
      
        bmeeks

        Netmap is not likely to play very well with a transparent firewall bridge setup, especially with the way netmap is currently implemented within Suricata. Some improvements are planned upstream for netmap, but there is not yet a timetable for their release.

        Also note that Suricata will not work properly with a PPPoE type interface. I mention that because that is a popular type of setup for a WAN. The most popular is DHCP, but there are lots of PPPoE connections. The least popular setup is a static IP on the WAN.

        If you want to continue with the transparent firewall arrangement, I recommend you use Legacy Mode blocking.

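The symptom in this thread (a `[Drop]` entry in the alert log while the client still receives the page) can be checked mechanically. The following is an added example, not code from either poster or from the Suricata package: it parses fast.log lines in the format quoted above and flags logged drops whose payload the client received anyway. The `Probe` class, the `uid=0(root)` marker for SID 2100498, and every sample line except the one quoted from the post are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# fast.log layout as seen in the line quoted in the post:
# ts  [Action] [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: n] {PROTO} src:sp -> dst:dp
FAST_LOG = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?:\[(?P<action>\w+)\]\s+)?"          # action tag is absent on alert-only lines
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"\[Classification:\s*(?P<cls>[^\]]*)\]\s+"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+):(?P<sport>\d+)\s+->\s+(?P<dst>\S+):(?P<dport>\d+)$"
)

@dataclass
class Probe:
    """Hypothetical record of one client-side test request (e.g. the curl run)."""
    client_ip: str
    client_port: int
    body: bytes  # bytes the client actually received

def parse_fast_log(line: str) -> Optional[dict]:
    """Return the fields of one fast.log line, or None if it does not match."""
    m = FAST_LOG.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("gid", "sid", "rev", "prio", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec

def unenforced_drops(lines: List[str], probes: List[Probe], marker: bytes) -> List[dict]:
    """Logged drops on server->client traffic whose payload still reached the client.

    An alert's destination ip:port is matched to the probe that used that
    source port; if the probe body contains the marker the rule fires on,
    the logged drop was not enforced on the wire.
    """
    by_client = {(p.client_ip, p.client_port): p for p in probes}
    findings = []
    for line in lines:
        rec = parse_fast_log(line)
        if rec is None or rec["action"] != "Drop":
            continue
        probe = by_client.get((rec["dst"], rec["dport"]))
        if probe is not None and marker in probe.body:
            findings.append(rec)
    return findings

# Assumed payload marker for SID 2100498 ("id check returned root").
MARKER = b"uid=0(root)"
TAIL = ("[**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] "
        "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} ")

SAMPLE_LOG = [
    # Quoted from the post: drop logged, yet curl received the page.
    "03/07/2019-10:44:13.570305  [Drop] " + TAIL + "217.160.0.187:80 -> 192.168.45.198:54834",
    # Constructed: alert-only line (no action tag).
    "03/07/2019-10:50:02.000001  " + TAIL + "192.0.2.10:80 -> 198.51.100.7:40001",
    # Constructed: drop that was enforced (client received nothing).
    "03/07/2019-10:51:09.000002  [Drop] " + TAIL + "192.0.2.10:80 -> 198.51.100.7:40002",
]

SAMPLE_PROBES = [  # constructed client-side observations
    Probe("192.168.45.198", 54834, b"uid=0(root) gid=0(root) groups=0(root)\n"),
    Probe("198.51.100.7", 40001, b"uid=0(root) gid=0(root) groups=0(root)\n"),
    Probe("198.51.100.7", 40002, b""),
]

def demo() -> List[dict]:
    return unenforced_drops(SAMPLE_LOG, SAMPLE_PROBES, MARKER)

if __name__ == "__main__":
    for rec in demo():
        print(f"drop logged but not enforced: sid={rec['sid']} "
              f"{rec['src']}:{rec['sport']} -> {rec['dst']}:{rec['dport']}")
```

A finding here means the engine marked the packet for drop but the inline path did not enforce it. Legacy Mode behaves differently because it blocks the offending host after the first alert rather than dropping the matching packet.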
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.