Hello,
Can nfqueue enable IPS mode without two network interfaces?
I want to know if I can activate IPS mode in this way on a virtual private server with one interface.
Regards
In nfqueue mode Suricata just interacts with the queue(s). Use iptables/nftables to set the queues up correctly.
It can be used on a single host with a single NIC to handle traffic going in and out of a host; it can be used to handle forwarded traffic. It can be used to handle both. It all depends on the iptables/nftables rules.
https://docs.suricata.io/en/latest/setting-up-ipsinline-for-linux.html#setting-up-ips-with-netfilter
OK, I will combine it with the af-packet configuration in the YAML, with one interface, like this:
af-packet:
  - interface: ens37
    threads: auto
    cluster-type: cluster_flow
    defrag: yes
nfqueue:
  - queue-num: 0
    mode: ips
    fail-open: yes
What do you think about this?
And then I launch it with the command:
sudo suricata -q 0 --af-packet
Right?
Regards
nfqueue and af-packet are mutually exclusive, you just use one at a time.
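The single-interface NFQUEUE setup described in the replies above, as an added example that is not part of the original thread: it builds the iptables rules for host traffic, forwarded traffic, or both, and only prints them unless APPLY=1 is set. The function names, the APPLY switch, and the choice to add `--queue-bypass` (so packets are accepted while nothing is attached to the queue) are assumptions of this example.

```shell
#!/bin/sh
# Added example: iptables rules that hand packets to one NFQUEUE for Suricata.
# Dry-run by default; rules are applied only when APPLY=1 (requires root).

QUEUE=0   # assumed queue number; must match the number given to `suricata -q`

# nfq_chains SCOPE -> the chains whose packets must reach the queue
nfq_chains() {
    case "$1" in
        host)    echo "INPUT OUTPUT" ;;          # single-NIC host or VPS
        forward) echo "FORWARD" ;;               # routed / gateway traffic
        both)    echo "INPUT OUTPUT FORWARD" ;;
        *)       echo "unknown scope: $1" >&2; return 1 ;;
    esac
}

# nfq_rules SCOPE [QUEUE] -> one iptables command per line
nfq_rules() {
    chains=$(nfq_chains "$1") || return 1
    q=${2:-$QUEUE}
    case "$q" in
        ''|*[!0-9]*) echo "queue must be a number: $q" >&2; return 1 ;;
    esac
    for c in $chains; do
        # --queue-bypass: behave like ACCEPT when no program listens on the
        # queue, so stopping Suricata does not cut off SSH to the server.
        echo "iptables -I $c -j NFQUEUE --queue-num $q --queue-bypass"
    done
}

# nfq_apply SCOPE [QUEUE] -> print the rules, or run them when APPLY=1
nfq_apply() {
    rules=$(nfq_rules "$@") || return 1
    printf '%s\n' "$rules" | while read -r rule; do
        if [ "${APPLY:-0}" = 1 ]; then $rule; else echo "[dry-run] $rule"; fi
    done
    # Suricata is then started on the queue alone, without --af-packet.
    echo "# next: suricata -q ${2:-$QUEUE}"
}

# Example: sh nfq.sh host      (prints the INPUT and OUTPUT rules)
if [ "$#" -gt 0 ]; then nfq_apply "$@"; fi
```

With rules like these in place, the interface name never appears on the Suricata command line; the netfilter rules alone decide which traffic is inspected.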
OK, an AI like Perplexity told me that I could combine the -q and --af-packet commands. That is strange.
Regards