I want IPFW firewall and Suricata to work together. Below is how I do:
Add a IPFW rule in divert mode, like this: ipfw add 100 divert 8000 ip from any to any
Start suricata in inline mode,like this: suricata -c /usr/local/etc/suricata/suricata1.yaml -d 8000 -D
It works for me. But when I add a new firewall rule, I have to start a new suricata process. A suricata process will use about 100MB RAM. So I cannot create too many firewall rules.
Is there any way to solve this problem?