I have a question maybe i am doing something wrong
Is there someone that tried to protect a backend between 2 servers but instead a inline
Using a gre tunnel ?
With nfqueue is working perfectly but i am limited by nfqueue that is reaching full even after i put max-pending-packet on 65530
I tried the af-packet but is not filtering the packets maybe because i am still using iptables to forward the traffic for gre ?
You should follow this guide if you want to use AF_PACKET inline mode: 13. Setting up IPS/inline for Linux — Suricata 6.0.2 documentation
Hello already tried this but the packets was not dropped the suricata în fast.log it said they was drop but the traffic through gre was still coming and probably that happen because i am forwarding the packets with iptables
Please describe your setup and configuration in more detail, cause you don’t need the iptables forward anymore when you do direct copy from one to the other interface via AF_PACKET.