Using Suricata in ips mode with AF_XDP


It won’t answer your question, but what I kind of gathered from above is that you are looking to run your firewall in IPS mode with little to no loss in throughput at your line speed. If I am correct in assuming that, I actually achieved that with a computer built for under $500 on my home network, which has 5Gbps/5Gbps, using AF-Packet. You need an X710 or X520 from my testing (I have both here; I used the X520 for this and the X710 for my server) and need to follow this (SEPTun/SEPTun.rst at master · pevma/SEPTun · GitHub) to set it up right. I have 5 sources enabled, and I am running full 5/5 Gbps on my home network with a transparent inline firewall with IPS turned on and all alerts set to drop.

I’d be happy to answer questions. I had a post here (Linux bridge and af-packet wont drop on rule - #8 by Jacob_Steele) where I documented most of my Linux settings and OS (along with my journey through Ubuntu Server, FreeBSD and finally CachyOS Linux).

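For readers who want to see what "inline with AF-Packet in IPS mode" looks like in configuration, here is an added example of the `af-packet` section of `suricata.yaml` for two NIC ports bridged by Suricata. This is illustrative, not the poster's own config and not part of the SEPTun guide; the interface names `enp1s0f0` and `enp1s0f1` are assumed.

```yaml
# Added example: suricata.yaml fragment for AF_PACKET inline (IPS) mode.
# Interface names are assumed; replace them with the two ports that sit
# between your LAN and WAN. Each entry names the other as its copy-iface,
# so every packet Suricata does not drop is forwarded to the opposite side.
af-packet:
  - interface: enp1s0f0          # assumed: WAN-facing port
    threads: auto                # one worker per RSS queue
    cluster-id: 99               # must differ from the other interface
    cluster-type: cluster_flow   # keep both directions of a flow on one thread
    defrag: yes
    use-mmap: yes                # required for IPS copy mode
    buffer-size: 64535
    copy-mode: ips               # forward unless a rule says drop
    copy-iface: enp1s0f1
  - interface: enp1s0f1          # assumed: LAN-facing port
    threads: auto
    cluster-id: 98
    cluster-type: cluster_flow
    defrag: yes
    use-mmap: yes
    buffer-size: 64535
    copy-mode: ips
    copy-iface: enp1s0f0
```

Start it with `suricata -c /etc/suricata/suricata.yaml --af-packet`. Two points worth checking before trusting the setup: only rules whose action is `drop` actually block traffic (an `alert` rule logs and still forwards the packet, which is the "all alerts set to drop" part of the post), and the Suricata documentation recommends turning off receive offloading on both ports (for example `ethtool -K enp1s0f0 gro off lro off`) so the engine sees packets as they arrive on the wire rather than as coalesced segments.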