IPS queue only allows ping and DHCP


My Suricata version: 7.0.3. Operating system: Oracle Linux on core 5.15. How Suricata was installed: yum.
Machine: 8 network cards as slaves on br0, with a FORWARD call to iptables.
I need to distinguish all the MACs to avoid spoofing/hacking (per line) between the 8 lines at layer 2.

vision for eth1-eth2:
rules: only_alerts.rules

Concept 1 has a problem when:
I have 1 queue per 1 network card per 1 process/pid
-c yaml_n_rules_for_card1.yaml -q 1
-c yaml_n_rules_for_card2.yaml -q 2
The IPS queues allow only ping/DHCP stuff but no other packets for www. Question 1 is: why?

Concept 2 has a problem when:
I have all the cards' queues in one process/pid
-c default_yaml_n_all_rules.yaml -q 1 -q 2
The IPS queue allows all packets via br0, ok… Question 2 is: how do I differentiate my 8 net cards in rules?


Hello. I’m not familiar with how iptables/nfq would work on a bridge interface like this; it’s usually used in a routing/NAT setup. Could you provide more details, like your iptables commands, your bridge configuration, etc.?