Can we run suricata in IDS mode with NFQ support

dinesh · November 25, 2024, 12:28pm

Please include the following information with your help request:

Suricata version

Operating system and/or Linux distribution

How you installed Suricata (from source, packages, something else)

Hi,

Suricata version - 7.0.7
Operating System - Ubuntu 22.04
Installed suricata from a package.

I have a requirement to run suricata with nfq in ids mode.
I am running suricata with --simulate-ips option in command line to run in IPS mode.
Without this option (–simulate-ips) if we run suricata with “suricata -Dc /etc/suricata/suricata.yaml -q 0” and action as drop it should not drop.
Can anyone suggest how we can run suricata with IDS in nfq support.

Thanks in advance for helping.

Andreas_Herz · February 12, 2025, 9:01pm

Can you share your suricata.yaml config and how you run Suricata? Ideally also at stats.log and suricata.log.

Topic		Replies	Views
Unable to run Suricata in IPS Mode Help ips , suricata	1	162	October 28, 2024
How to test Suricata-IDS? Help	1	364	November 15, 2023
Ubuntu 20.04 : how to start suricata with systemctl in NFQ mode Help	1	676	March 7, 2021
NFQ IPS mode or AF_PACKET IPS mode? Help	1	354	February 17, 2025
How to configure nfq in ips mode Help suricata	1	22	March 8, 2025

Can we run suricata in IDS mode with NFQ support

Related topics