Thank you SO much for this! Cleared up all of my problems with high core count firewalls.
Best regards, Fred
-----Original Message----- From: Stefan Schantl stefan.schantl@ipfire.org Sent: 19 May, 2019 12:52 To: development@lists.ipfire.org Subject: [PATCH] suricata: Limit to a maximum of "16" netfilter queues.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org --- src/initscripts/system/suricata | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/initscripts/system/suricata b/src/initscripts/system/suricata index 38b6a40d8..5a567f2d7 100644 --- a/src/initscripts/system/suricata +++ b/src/initscripts/system/suricata @@ -6,7 +6,7 @@ # # Author : Stefan Schantl stefan.schantl@ipfire.org # -# Version : 01.01 +# Version : 01.02 # # Notes : # @@ -50,7 +50,13 @@ function get_cpu_count { [ "$line" ] && [ -z "${line%processor*}" ] && ((CPUCOUNT++)) done </proc/cpuinfo
- echo $CPUCOUNT + # Limit to a maximum of 16 cores, because suricata does not support more than + # 16 netfilter queues at the moment. + if [ $CPUCOUNT -gt "16" ]; then + echo "16" + else + echo $CPUCOUNT + fi }
# Function to flush the firewall chains. -- 2.20.1