Maltrail vs. Suricata

Started by labsy, September 28, 2023, 10:08:26 PM

Hi,

in previous versions I've always been using Suricata, but with 23.x it began consuming a lot of CPU. Maybe it was due to some inheritable settings, maybe rules vs. policies...dunno.
So I got rid of Suricata for now and gave Maltrail a try. I did not get into details, Suricata seems more powerful, but performance-wise I notice all web services behind my OPNsense are now (with Maltrail instead of Suricata) noticeably more responsive and faster. Also CPU load is cut in half now.

Thoughts?

Both are not really comparable. How many rules/lists do you use in Suri?

September 29, 2023, 07:21:34 PM #2 Last Edit: September 29, 2023, 07:24:20 PM by labsy
Huh...tough question, because I shut it down and removed all rules and policies (...to be ready for a new installation, once v. 7 comes out). But as I remember, I scrolled down quite a lot, so it was definitely more than 50 or even close to 100 rules.

I think there's also a question of what I need:
This is a small webhosting setup, I only want to protect a dozen WEB and MAIL servers behind OPNsense against attacks from the internet. There are no client computers behind it, so no web surfing, mail clients etc. to protect.
On the other hand, I do not want to slow down package transition too much, so as to keep services responsive.