Hi
I am running a PCAP on Suricata
I want it in IPS Mode
I went to /etc/default/suricata changed LISTENMODE to nfqueue ( found this in digitalocean guide)
Changed 1 Signature (2028765) from alert to drop in suricata.rules
Run sudo suricata -T -c /etc/suricata/suricata.yaml -v (To validate Rules file)
Then systemctl restart suricata
But when I again run PCAP . action is still “allowed”
what I am missing