[susoq]

Hello,

Has anyone installed Suricata (through Entware) on a r7800 router? If so, how was performance (and which rules did you use)?

This is really intriguing to me but I had been assuming that performance of the router would go down tremendously...

Thanks for any info anyone might have!

[the-joker]

While it is always nice to have such a fallback, its kind of moot if you dont keep up with the latest dd-wrt versions which fix known CVE's in kernel, libraries and 3rd party components.

Also, Entware packages are rarely kept up-to-date and thus not keeping up with all CVE patches and they are maintained by random 3rd parties whom you need to trust.

Having said that, you could always test installing it and answering your own question, I remember reading anyone doing this.

However and because Im a curious person by nature, I found this https://github.com/spithash/DD-WRT-Update-Suricata-Rules-Automatically so perhaps this person has already tried this, so you could ask them on GitHub, maybe?

[Alozaros]

snort or suricata are made to run only on x86/x64 pc,
On router it will saturate the CPU badly,as it has to scan each packet, especially if you have a higher WAN speeds 500mbt to 1Gig its impossible, but even a lower WAN speeds are too heavy...as well, it depends from its configuration...
but on very low WAN speeds it may work, although not very useful...


as well bear in mind entware is running the older versions, of those... so not much point of entware, your best bet is dedicated PC on WAN...
as alternatives pfsense, OPENsense..much easy to config and understand...