Hi,
I saw in the “Setting IPS/Inline for Linux” section of the documentation that I can either run Suricata as a gateway or on the traffic generated by the host itself.
I was wondering if it would be possible to do both, by passing both forward and in/output into nfqueue, or if it will cause issues.
My use case is restricting access to the network for my smart devices and IoT at home.
My solution right now is to restrict all access from the network, other than a proxy server that will run on the gateway (same device as Suricata). I want to do this so devices can’t send out SYNs and ACKs to the original server, and can’t be used as part of SYN attacks if they somehow got into someone’s botnet.
So I want to be able to filter both traffic being forwarded through the gateway and traffic originating from the gateway itself, from the proxy and other services I will be running on it.
Would this cause issues? Or will it be able to deal with traffic from the different origins?