Suricata AF-PACKET IPS not dropping

Hi, im new here, if im doing something wrong pls let me know;

I’ve succesfully setup Suricata as IPS with AF-PACKET in this way:
Internet <-> router <-> suricata <-> swicth to my lan

everything work and suricata detect any “attack” in fast.log but is not actually blocking it, it is only showed as alarm but not blocked, why?

Hi, can you show an example of a rule that triggered and you thing should have dropped the traffic?

Thia one for example is the result of a test attack i did

09/26/2021-15:31:09.716478 [] [1:2400001:3022] ET DROP Spamhaus DROP Listed Traffic Inbound group 2 [] [Classification: Misc Attack] [Priority: 2] {TCP} 42.169.49.121:55226 → 192.168.1.250:0
09/26/2021-15:31:09.728897 [] [1:2400013:3022] ET DROP Spamhaus DROP Listed Traffic Inbound group 14 [] [Classification: Misc Attack] [Priority: 2] {TCP} 143.49.59.206:55370 → 192.168.1.250:0

Suricata pop this alert in fast.log but do nothing to stop the attack

Did you set the action (drop) on the signature?

Yes,i used suricata-update with modify.conf to change from alert to drop and verified by myself in suricata.rules, in fact many attacks are blocked but this hping3 flood still can get throught suricata and hit my “victim” device

Can you share version and configuration file of Suricata?
Is this hping3 flood exactly shown in the fast.log?