Netgate Discussion Forum

    Suricata Inline and Traffic Shaping

    IDS/IPS
      dmitri

      I've been using Suricata Inline mode for a few months and I noticed that it breaks the graphing of the outbound bandwidth, actually any reporting of outbound traffic (the traffic still flows, just no reporting on it).

      Well, today I set up Traffic shaping and saw that the queue reporting was also not working. Turning off Inline mode fixes all issues. I don't know if Traffic Shaping is actually being broken or it's just the reporting of it that's affected.

      I'm hoping someone else can confirm that they see the same behavior.

      Thanks!

        bmeeks

        Running Suricata with Inline IPS Mode automatically activates the FreeBSD netmap device. Using the netmap device seems to break things like traffic shaping and bandwidth recording. These are all issues within FreeBSD itself and are not directly related to pfSense nor Suricata.

        Unfortunately netmap is not a 100% mature technology on FreeBSD and thus has some warts. If shaping and bandwidth monitoring are important to you, you should switch over to Legacy Mode blocking. On the other hand, if those things are something you can do without, then Inline IPS Mode offers several benefits when compared to Legacy Mode blocking.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.