Inline Configuration not working

  • Version - 6.0.10

  • Installed via apt

  • Debian Linux Distro

  • Flow Diagram - WAN -> Suricata -> Traefik + Crowdsec

I am trying to set up Suricata in “Inline” mode so it can analyse the packets before my reverse proxy receives them.
I added the following rule to my iptables, but it seems like it just doesn't let the request through.

sudo iptables -I FORWARD -p tcp --dport 443 -j NFQUEUE --queue-num 0
and I have tried
sudo iptables -I INPUT -j NFQUEUE --queue-num 0

Any help would be appreciated.

edit:
As a test I added the following rules to my local.rules to see if it is dropping traffic.
# Block all TCP traffic on port 443
drop tcp any any -> any 443 (msg:"Blocking all HTTPS TCP traffic"; sid:100001; rev:1;)

# Block all UDP traffic on port 443 (for HTTP/3)
drop udp any any -> any 443 (msg:"Blocking all HTTPS UDP traffic (HTTP/3)"; sid:100002; rev:1;)

suricata.yaml (73.0 KB)
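The following shell script is an added example, not code from the post above or from the Suricata project. It shows the two things a reader of this post most needs to check: that the NFQUEUE rules sit in the chains the traffic actually traverses (a process on the same host such as Traefik is reached through INPUT/OUTPUT, never FORWARD), and that a process is really bound to the queue, because a matched packet with no consumer is dropped by the kernel unless the rule carries `--queue-bypass`. It assumes queue number 0, HTTPS on port 443, Traefik running on the same host as Suricata, and the Debian default config path `/etc/suricata/suricata.yaml`; the proc-file line used for the demo is constructed. Everything that needs root runs in dry-run mode, which only prints the command.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumed (hypothetical)
# values: queue 0, HTTPS on 443, Traefik on the same host as Suricata,
# Debian default config path. Override via the environment if needed.
QUEUE="${QUEUE:-0}"
NFQ_PROC="${NFQ_PROC:-/proc/net/netfilter/nfnetlink_queue}"
SURICATA_YAML="${SURICATA_YAML:-/etc/suricata/suricata.yaml}"

# run: print the command when DRY_RUN=1, otherwise execute it.
# iptables and suricata need root, so the demo at the bottom uses DRY_RUN.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# nfq_rules: steer port-443 traffic into the queue Suricata will read.
# A listener on this box (Traefik) receives packets via INPUT and answers
# via OUTPUT; FORWARD only carries packets routed through the host, so a
# FORWARD-only rule never matches local traffic. Queueing both directions
# lets Suricata see the whole flow, which its stream engine needs.
# --queue-bypass tells the kernel to ACCEPT a matched packet when no process
# is bound to the queue; without it every matched packet is DROPped until
# Suricata starts. An unfiltered "-I INPUT -j NFQUEUE" with nothing bound
# therefore blackholes all inbound traffic, SSH included. Drop the option if
# you deliberately want fail-closed behaviour.
nfq_rules() {
  run iptables -I INPUT  -p tcp --dport 443 -j NFQUEUE --queue-num "$QUEUE" --queue-bypass
  run iptables -I OUTPUT -p tcp --sport 443 -j NFQUEUE --queue-num "$QUEUE" --queue-bypass
  run iptables -I INPUT  -p udp --dport 443 -j NFQUEUE --queue-num "$QUEUE" --queue-bypass
  run iptables -I OUTPUT -p udp --sport 443 -j NFQUEUE --queue-num "$QUEUE" --queue-bypass
}

# start_suricata: -q binds Suricata to the queue number. Without -q the rules
# above have no consumer and the kernel applies the bypass/drop rule.
start_suricata() {
  run suricata -c "$SURICATA_YAML" -q "$QUEUE" -D
}

# queue_consumer [FILE]: "bound" if a process has the queue open, else
# "unbound". Reads /proc/net/netfilter/nfnetlink_queue, one line per queue:
#   queue_num peer_portid queued copy_mode copy_range dropped user_dropped id_seq 1
# A missing file means nfnetlink_queue is not loaded, so nothing is bound.
queue_consumer() {
  file="${1:-$NFQ_PROC}"
  [ -r "$file" ] || { echo unbound; return 0; }
  awk -v q="$QUEUE" '$1 == q { found = 1 } END { print (found ? "bound" : "unbound") }' "$file"
}

# queue_drops [FILE]: packets the kernel dropped because the queue was full
# (column 6). A growing count means Suricata is not keeping up.
queue_drops() {
  file="${1:-$NFQ_PROC}"
  [ -r "$file" ] || { echo 0; return 0; }
  awk -v q="$QUEUE" '$1 == q { d = $6 } END { print d + 0 }' "$file"
}

# Demo on a constructed proc-file line: queue 0 bound by netlink portid 4423,
# 7 packets queued, 3 dropped. Real use passes no argument.
SAMPLE_NFQ='    0   4423     7 2 65531     3     0      1492  1'
tmp=$(mktemp)
printf '%s\n' "$SAMPLE_NFQ" > "$tmp"
echo "queue $QUEUE: $(queue_consumer "$tmp"), kernel drops: $(queue_drops "$tmp")"
rm -f "$tmp"
DRY_RUN=1
nfq_rules
start_suricata
```

On a live box, run `queue_consumer` with no argument after starting Suricata: "unbound" means the `-q` number and `--queue-num` do not match or Suricata is not running, and `iptables -L INPUT -v -n` will show the NFQUEUE rule's packet counter climbing while nothing answers. The related setting inside suricata.yaml is `fail-open: yes` under `nfq:`, which covers the other failure mode (Suricata running but its queue full); `--queue-bypass` on the rule is what covers the no-consumer case shown here.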