Hello everyone, I want to set up a network with 1 ubuntu server as a router. This router has 3 network cards:
-enp0s3: 10.0.0.23/24 (to internet)
-enp0s8: 192.168.0.5/24 (to web server, ftp, ssh)
-enp0s9: 172.16.0.0/12 (local network)
I want to use suricata as IPS to protect enp0s8 and enp0s9
Do I just need to put “sudo iptables -I FORWARD -j NFQUEUE”?
And do I just need to put “suricata -c /etc/suricata/suricata.yaml -s /etc/suricata/rules/suricata.rules -q0”?
Some tests with “drop” rules are not working…