For `AF_PACKET` IPS you need 2 interfaces, it won't work with 1. It works by creating a layer 2 bridge (i.e. ethernet) between the 2 interfaces, copying packets from one to the other and applying the drop rules as needed.

If you are trying to protect the host that Suricata is running on with IPS, you will have to use NFQ. I cover this for RedHat-like systems here, Guide: Getting Started on RHEL, CentOS and rebuild Linux Distributions, but I can't imagine Ubuntu is much different. Essentially you need to add iptables rules on `INPUT` and `OUTPUT` to send the packets to `NFQUEUE`.

This is also covered in the user guide here: 15. Setting up IPS/inline for Linux — Suricata 8.0.0-dev documentation
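The `INPUT`/`OUTPUT` to `NFQUEUE` setup described above, as an added example script that is not part of the original post. It assumes iptables, a Suricata build with NFQ support started as `suricata -q 0`, and adds two things the post does not mention: a loopback exclusion and a choice between fail-closed (default) and fail-open (`--queue-bypass`) behaviour when nothing is listening on the queue.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes iptables and a Suricata
# started with: suricata -c /etc/suricata/suricata.yaml -q "$QUEUE_NUM"
# DRY_RUN=1 (the default) prints the commands instead of executing them.
QUEUE_NUM="${QUEUE_NUM:-0}"
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Append one NFQUEUE rule to a chain. With mode "fail-open" the rule gets
# --queue-bypass: packets are ACCEPTed when no userspace program is bound to
# the queue (e.g. Suricata crashed). Without it the kernel drops them, which
# is fail-closed: safer, but it also cuts off the host if Suricata is down.
nfq_rule() {
    chain="$1"
    mode="$2"
    set -- iptables -A "$chain" -j NFQUEUE --queue-num "$QUEUE_NUM"
    if [ "$mode" = "fail-open" ]; then
        set -- "$@" --queue-bypass
    fi
    run "$@"
}

# Host IPS: both directions of the host's own traffic go through Suricata.
# Loopback is accepted first so local-only services are not inspected or
# dropped; rules are appended, so order here is the order iptables evaluates.
install_host_ips() {
    mode="${1:-fail-closed}"
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A OUTPUT -o lo -j ACCEPT
    nfq_rule INPUT "$mode"
    nfq_rule OUTPUT "$mode"
}
```

Run with `DRY_RUN=0 sh -c '. ./script.sh; install_host_ips fail-open'` as root to apply; the default invocation only prints the rules for review.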