firewalls are just not cutting it at all
Out of the box the firewall on FreeBSD does not come with any installed packages. However, I really wanted to use Snort or Suricata with logging and blocking, because without an intrusion detection based feature, firewalls are just not cutting it at all. The reviews online said it cannot be done, and Netgate themselves recommend against installing Snort and Suricata.
Well, turned out Snort ran quickly and then the firewall “died”, with the CPU perpetually being at 100%. I uninstalled and installed Suricata, and after some back and forth, it actually worked. The way that worked to turn it on was to install the package, then configure it, then reinstall the package, which takes a couple of minutes. After that Suricata was on. Success 😉
This may come as somewhat of a surprise to cybersecurity professionals – Suricata usually beats Snort on multi-core CPUs but requires extra overhead to do that. So on a single CPU I would have assumed Snort would be faster. Oh yes, and it only runs on the WAN interface, not on the LAN interface. I tried to set it on both but something fails – it seems the CPU cannot handle the “double burden”.