We have the option to whitelist traffic in the IPS, but wouldn't it be a good idea to insert RETURN rules into the IPS chains so that packets will never even hit the IPS when whitelisted? There are usually two reasons to whitelist something: a) it triggers some error in the IPS which is why we totally want to circumvent Suricata, or b) performance because Suricata does not need to scan everything. In both cases a RETURN rule would make sense to me.
> https://patchwork.ipfire.org/project/ipfire/patch/20240910143748.3469271-6-michael.tremer@ipfire.org/ I have implemented this myself.
> https://www.ipfire.org/blog/ipfire-2-29-core-update-189-is-available-for-testing
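As an added illustration of the RETURN idea (example code, not IPFire's own implementation nor the patch linked above): the script below emits an iptables-restore fragment for a hypothetical IPS chain `IPS_FORWARD` in which every whitelisted network RETURNs before the NFQUEUE rule that hands traffic to Suricata, and a check that rejects a chain dump where a RETURN sits after the NFQUEUE rule (and would therefore never be reached). Chain name, whitelist file and queue numbers are assumptions.

```sh
#!/bin/sh
# Added example, not IPFire code. Generates IPS chain rules where whitelisted
# traffic RETURNs from the chain before the NFQUEUE hand-off to Suricata, and
# verifies that ordering in an existing rule dump.
CHAIN="IPS_FORWARD"   # hypothetical chain name, not an IPFire identifier

# ips_rules WHITELIST_FILE -> prints chain rules (one CIDR per line, '#' comments)
ips_rules() {
  printf ':%s - [0:0]\n' "$CHAIN"
  # One RETURN per whitelisted network and direction: the packet leaves the
  # chain here, so Suricata never sees it (no inspection, no scanning cost).
  while read -r net; do
    case "$net" in ''|'#'*) continue ;; esac
    printf '%s -s %s -j RETURN\n' "-A $CHAIN" "$net"
    printf '%s -d %s -j RETURN\n' "-A $CHAIN" "$net"
  done < "$1"
  # Everything else is queued to Suricata; queue range is an example value.
  printf '%s -j NFQUEUE --queue-balance 0:3 --queue-bypass\n' "-A $CHAIN"
}

# check_order RULES_FILE -> exit 0 only if no RETURN in $CHAIN follows NFQUEUE
check_order() {
  awk -v chain="$CHAIN" '
    $1 == "-A" && $2 == chain && /-j NFQUEUE/ { seen_queue = 1 }
    $1 == "-A" && $2 == chain && /-j RETURN/ && seen_queue { bad = 1 }
    END { if (bad) exit 1; exit 0 }' "$1"
}
```

Feed the generated fragment to iptables-restore (with the rest of the ruleset) rather than applying it line by line, so the RETURN rules and the NFQUEUE rule land in the chain atomically and in the order shown.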