This seems like a start:
# pfctl -sr -v | grep -A2 divert-packet pass out quick on igc2 inet proto tcp from any to any port = 80 flags S/SA scrub (reassemble tcp) divert-packet port 700 [ Evaluations: 721 Packets: 0 Bytes: 0 States: 0 ] [ Inserted: uid 0 pid 19569 State Creations: 0 ] I suspect I have some more rooting around Suricata configuration to get IPS working as well. The package doc references setting -p 700 and a few suricata.yaml params, but it seems I am not quite off to the races with that. On Tue, Feb 3, 2026 at 7:21 AM Stuart Henderson <[email protected]> wrote: > On 2026/02/03 07:02, William B. wrote: > > > > Thanks for the referenced patch. I will give it a go. > > That will list divert sockets in "netstat -an -p divert" output but > won't help with your suricata and/or PF config. > > Are your "divert-packet" PF rules actually getting hit? Check your > packets / bytes / state creations counters in "pfctl -sr -v | grep > -A2 divert-packet". >
