IPS 4096 Queue full

Hey guys,

I have a problem… my IPS is basically on fire! The queue of max 4096 is getting flooded because of the Xbox App on PC downloading. Whenever I start a download on PC (like Forza 6 or something over the Xbox App for instance) my IPS is going through the roof!!! My internet even completely crashed once because of this. Is there any way to increase the queue size from 4096? Or fix this problem generally? I get these terminal logs below…:

cat /proc/net/netfilter/nfnetlink_queue
0 14332 3424 2 65531 3127 0 2099733 1
1 3554376361 0 2 65531 0 0 860755 1
2 3741616848 0 2 65531 0 0 67 1
3 2657602215 0 2 65531 0 0 49 1
4 2395967620 0 2 65531 0 0 0 1
5 3883208510 0 2 65531 0 0 1 1
[root@XXX suricata]# cat /proc/net/netfilter/nfnetlink_queue
0 14332 3549 2 65531 3127 0 2114933 1
1 3554376361 0 2 65531 0 0 868308 1
2 3741616848 0 2 65531 0 0 67 1
3 2657602215 0 2 65531 0 0 49 1
4 2395967620 0 2 65531 0 0 0 1
5 3883208510 0 2 65531 0 0 1 1
[root@XXX suricata]# cat /proc/net/netfilter/nfnetlink_queue
0 14332 2787 2 65531 3127 0 2118233 1
1 3554376361 0 2 65531 0 0 870273 1
2 3741616848 0 2 65531 0 0 67 1
3 2657602215 0 2 65531 0 0 49 1
4 2395967620 0 2 65531 0 0 0 1
5 3883208510 0 2 65531 0 0 1 1
[root@XXX suricata]# cat /proc/net/netfilter/nfnetlink_queue
0 14332 3486 2 65531 3127 0 2122637 1
1 3554376361 0 2 65531 0 0 872094 1
2 3741616848 0 2 65531 0 0 67 1
3 2657602215 0 2 65531 0 0 49 1
4 2395967620 0 2 65531 0 0 0 1
5 3883208510 0 2 65531 0 0 1 1
[root@XXX suricata]#

tail -f /var/log/messages | grep -E "nfnetlink_queue|nf_queue"
May 23 17:46:43 XXX kernel: nfnetlink_queue: nf_queue: full at 4096 entries, dropping packets(s)
May 23 17:46:48 XXX kernel: nfnetlink_queue: nf_queue: full at 4096 entries, dropping packets(s)
May 23 17:47:00 XXX kernel: nfnetlink_queue: nf_queue: full at 4096 entries, dropping packets(s)
May 23 17:47:12 XXX kernel: nfnetlink_queue: nf_queue: full at 4096 entries, dropping packets(s)

If someone could help I would totally appreciate it!

My Hardware Specs are:
NanoPi R4S
Rockchip RK3399
big.LITTLE, Dual-Core Cortex-A72 (up to 2.0GHz) + Quad-Core Cortex-A53 (up to 1.5GHz) (CPU)
Mali-T864 GPU, supports OpenGL ES1.1/2.0/3.0/3.1, OpenCL, DX11, and AFBC (GPU)
4GB LPDDR4 (Memory)
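The /proc/net/netfilter/nfnetlink_queue output above is what tells you which NFQUEUE queue is backing up. As an added example (not code from the post, from Suricata or from IPFire), here is a small parser for that file using the column order the kernel prints (queue id, listener port id, packets currently queued, copy mode, copy range, packets dropped because the queue was full, packets dropped on delivery to userspace, last packet id), which flags queues near the 4096 limit and shows whether drops are still increasing between two snapshots. The limit and the sample rows are taken from the post; the 0.75 warning threshold is an assumption.

```python
"""Added example: parse nfnetlink_queue snapshots and flag queues near the limit or dropping."""

# Limit reported by the kernel log line "nf_queue: full at 4096 entries" in the post.
QUEUE_MAXLEN = 4096

# Column layout of /proc/net/netfilter/nfnetlink_queue as printed by the kernel
# (nfnetlink_queue.c): queue id, netlink port id of the userspace listener, packets
# currently waiting for a verdict, copy mode, copy range, packets dropped because the
# queue was full, packets dropped because delivery to userspace failed, id of the last
# queued packet; the trailing column is always 1 and is ignored here.
COLUMNS = ("queue_num", "peer_portid", "queue_total", "copy_mode", "copy_range",
           "queue_dropped", "user_dropped", "last_id")

def parse_nfnetlink_queue(text: str) -> list:
    """Parse a pasted snapshot; prompts, command echoes and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 9 or not all(f.isdigit() for f in fields):
            continue
        rows.append(dict(zip(COLUMNS, map(int, fields))))  # zip drops the constant 9th column
    return rows

def queue_alerts(rows, maxlen=QUEUE_MAXLEN, warn_ratio=0.75):
    """(queue_num, fill_ratio, cumulative_drops) for queues near the limit or with drops."""
    alerts = []
    for r in rows:
        ratio = r["queue_total"] / maxlen
        if ratio >= warn_ratio or r["queue_dropped"] > 0:
            alerts.append((r["queue_num"], round(ratio, 3), r["queue_dropped"]))
    return alerts

def drop_delta(before, after):
    """Drops added per queue between two snapshots: >0 means the queue is overflowing
    now; 0 next to a non-zero cumulative count means the drops happened earlier."""
    prev = {r["queue_num"]: r["queue_dropped"] for r in before}
    return {r["queue_num"]: r["queue_dropped"] - prev.get(r["queue_num"], 0) for r in after}

# Constructed sample: the first rows of the first two snapshots from the post. Queue 0 is
# the one Suricata drains too slowly; queue 1 only shows a rising packet id, no backlog.
SNAPSHOT_1 = """\
0 14332 3424 2 65531 3127 0 2099733 1
1 3554376361 0 2 65531 0 0 860755 1
"""
SNAPSHOT_2 = """\
[root@XXX suricata]# cat /proc/net/netfilter/nfnetlink_queue
0 14332 3549 2 65531 3127 0 2114933 1
1 3554376361 0 2 65531 0 0 868308 1
"""
```

Running the two snapshots through `queue_alerts` and `drop_delta` shows queue 0 sitting above 80% of the limit with 3127 cumulative drops but no new drops between the samples, so the overflow happened before the first `cat`, while the other queues are idle.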

Hi @grindyourbit and welcome!

I’m sure another forum member can help you better than I can, but I’ll do my part.

Have you tried whitelisting the affected IPs? That might solve the problem.

What does the suricata log say in the IPFire console?

In the meantime, take a look at the relevant documentation.

P.S. If no one answers you, it’s because it’s such an extremely rare problem that no one can help you. In that case, you’ll need to do some research and gather more information to present here to see if anyone knows anything.

Best of luck!