Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Suricata Inline and Traffic Shaping

    IDS/IPS
    2
    2
    211
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      dmitri last edited by

      I've been using Suricata Inline mode for a few months and I noticed that it breaks the graphing of the outbound bandwidth, actually any reporting of outbound traffic (the traffic still flows, just no reporting on it).

      Well, today I setup Traffic shaping and saw that the queue reporting was also not working. Turning off Inline mode fixes all issues. I don't know if Traffic Shaping is actually being broken or it's just the reporting of it that's affected.

      I'm hoping someone else can confirm that they see the same behavior.

      Thanks!

      1 Reply Last reply Reply Quote 0
      • bmeeks
        bmeeks last edited by

        Running Suricata with Inline IPS Mode automatically activates the FreeBSD netmap device. Using the netmap device seems to break things like traffic shaping and bandwidth recording. These are all issues within FreeBSD itself and are not directly related to pfSense nor Suricata.

        Unfortunately netmap is not a 100% mature technology on FreeBSD and thus has some warts. If shaping and bandwith monitoring are important to you, you should switch over to Legacy Mode blocking. On the other hand, if those things are something you can do without, then Inline IPS Mode offers several benefits when compared to Legacy Mode blocking.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post