IPTables and IPS Mode

I am running Suricata 6.0.4. I have used version 5.0 previously with an iptables front end, for IDS and bridged two interfaces.

Can I use the iptables (INPUT/FORWARD/OUTPUT) rules for a front end to Suricata in IPS Mode (non-bridged interfaces)? I have Suricata running in AF-Packet IPS mode, but no traffic comes through the iptables. Why?

Thank you.

To integrate with iptables/nftables, see


Thank you. I have followed this to a T, but have the problems that I have outlined above. Anything different to offer?

The problem I have in NFQ mode is that DHCP does not flow through the IPS.

I have found that IPTables is not reporting the actual activities for each of the rules in the INPUT, OUTPUT and FORWARDING sections. This made me second-guess the actual functioning of Suricata, when the issue is really the reporting from IPTables.