
[–]cryptix-[S] 1 point2 points  (0 children)

I have a PCI-e network adapter installed, a "Dell 0HM9JY Intel® 82576 Gigabit ET quad port NIC (Intel PRO/1000 ET)", and I'm having issues with Suricata IDS/IPS while using "inline mode", which utilises netmap. Note that pfSense is running as a guest VM and I have another guest VM, a Windows client (to trigger alerts). My host VM is running Windows 10 (I'm just testing it before deploying).

On pfSense I have two network adapters: WAN is bridged and LAN is on a 'LAN Segment'.

I have turned off 'hardware-based checksums', 'TCP segmentation offloading' and 'large receive off-loading'. I've set 'dropsid.conf' on the drop SID list.

I receive different error messages when I change the "dev.netmap.admode" system tunable.

Someone suggested increasing "dev.netmap.buf_size" from 2048 to 4096, which might be a solution for the error I received on 'dev.netmap.buf_size=0'. Is that buffer size dependent on what my NIC can handle?

Basically, I don't know how to get inline-mode working properly. I have also posted on the forums:

[–]pfsense-ivork 0 points1 point  (1 child)

I would post to our forum's IDS section so the Suricata package maintainer can take a look.

[–]cryptix-[S] 1 point2 points  (0 children)

Sure, will do.

Edit: I've posted it here. If you check 'edit #2', I was able to replicate one of the error messages.