- Suricata version: 7.0.5
- Operating system and/or Linux distribution: Debian 12.5 (Bookworm)
- Installed via apt (bookworm-backports)

I am setting up Suricata on a fresh Debian 12 install and I am configuring it in IPS mode with NFQ.
Which config file do I have to edit to make it start in NFQ mode?
(It runs fine if initiated manually from the CLI directly with the -q 0 flags, but I am looking for a way to accomplish this when the service starts at boot time.)
I have already made sure /etc/default/suricata contains the line LISTENMODE=nfqueue and is set to yes as suggested here.
I am unable to decipher the script in /etc/init.d/suricata to solve this.