Legacy vs Inline IPS mode for Suricata

With the recent transparent bridge video, I’m wondering what people’s thoughts are on legacy vs inline mode for IPS? Theoretically there is a latency penalty for using inline mode, but how big a penalty is it on modern hardware? Is Netmap support mature enough for inline to be stable?

These are a few questions that I haven’t been able to find good answers to. Maybe my google-fu isn’t good enough.

There is a lot more to setting it up with inline mode and only certain network cards are supported. I don’t plan to do any testing on this as there is not really a need yet.

Thanks for the link @LTS_Tom. That does look like a bit more work than Legacy mode. I think I’ll hold off playing with it at least until pfSense 2.5 comes out.