If you need to route/NAT your packets then yes, NFQ is the way. AF_PACKET IPS is if you can do a bridge scenario where no routing or translation is required.
Personally I run Suricata on my Linux firewall (AlmaLinux as well) which does NAT. I just run it passively on my LAN network but I’m only a few iptables rules away from running it as an IPS…

Guide: Getting Started on RHEL, CentOS and rebuild Linux Distributions
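
A sketch of what those few iptables rules can look like on a routing/NAT firewall, as an added example that is not part of the original post. Queue number 0, the FORWARD chain, the config path and the helper names `nfq_rules` and `apply_rules` are assumptions; the script only prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example: hand routed/NATed traffic to Suricata through NFQUEUE.
# Assumed values (not from the post): queue 0, FORWARD chain only.
QUEUE_NUM="${QUEUE_NUM:-0}"
# Add INPUT and OUTPUT here to also inspect the firewall's own traffic.
CHAINS="${CHAINS:-FORWARD}"

# Print one iptables argument list per chain.
# $1 is -I to insert the rule or -D to delete it again (rollback).
nfq_rules() {
    for chain in $CHAINS; do
        # --queue-bypass: if nothing is bound to the queue (Suricata stopped
        # or crashed) packets are accepted instead of dropped, so the
        # firewall keeps forwarding.
        printf '%s %s -j NFQUEUE --queue-num %s --queue-bypass\n' \
            "$1" "$chain" "$QUEUE_NUM"
    done
}

# Dry run by default: print the commands. With APPLY=1 (as root) run them.
apply_rules() {
    nfq_rules "$1" | while read -r args; do
        if [ "${APPLY:-0}" = "1" ]; then
            # Intentionally unquoted so the argument list is word-split.
            iptables $args
        else
            echo "iptables $args"
        fi
    done
}

apply_rules -I

# Suricata must then be started in NFQ mode on the same queue, e.g.
# (config path assumed):
#   suricata -c /etc/suricata/suricata.yaml -q 0
# In this mode drop rules in the ruleset actually block packets.
```

Running `apply_rules -D` with the same settings removes the rules and returns the box to passive monitoring.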