Suricata IPS NFQ Inline Setup in Transparent Mode (Ubuntu)

Hi everyone,
I’m setting up Suricata as an IPS using NFQUEUE in inline mode on Ubuntu, in transparent mode.

Here’s my current setup:
Modem <==> [ens33|ens34|Suricata|ens32] <==> LAN

  • ens33 and ens32 have no IP addresses (transparent bridge mode).
  • ens34 on the Suricata machine is used for remote SSH management.

I would appreciate it if someone could guide me through the necessary steps to configure Suricata IPS properly in this setup.

Thanks in advance!

You could follow "15. Setting up IPS/inline for Linux — Suricata 8.0.1-dev documentation" and just use ens33 and ens32 in the section to copy between those two interfaces, and keep ens34 untouched for management.

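Added example, not part of the reply above and not copied from the Suricata documentation: a `suricata.yaml` fragment for the copy-between-interfaces approach, assuming the section meant is the AF_PACKET IPS one. This is AF_PACKET inline mode rather than the NFQUEUE mode named in the question; the `cluster-id` values are constructed.

```yaml
# Added example: AF_PACKET IPS pairing for the topology in the question.
# Suricata itself forwards frames between ens33 (modem side) and ens32 (LAN side),
# so both only need to be up, with no IP address.
# ens34 is deliberately not listed: SSH management traffic is never inspected or dropped.
af-packet:
  # Modem-facing side: packets that pass inspection are written out of ens32.
  - interface: ens33
    threads: 1                  # must match the thread count of the peer interface
    cluster-id: 98              # constructed value; must be unique per interface
    cluster-type: cluster_flow
    defrag: no                  # forward fragments as received, no kernel reassembly
    use-mmap: yes
    tpacket-v3: no              # tpacket-v3 adds severe latency in IPS/TAP mode
    copy-mode: ips              # packets hitting a drop rule are not copied to the peer
    copy-iface: ens32

  # LAN-facing side: the mirror image, so return traffic is inspected too.
  - interface: ens32
    threads: 1
    cluster-id: 97              # constructed value; differs from the ens33 entry
    cluster-type: cluster_flow
    defrag: no
    use-mmap: yes
    tpacket-v3: no
    copy-mode: ips
    copy-iface: ens33
```

Start Suricata with `suricata -c /etc/suricata/suricata.yaml --af-packet` (the config path is an assumption) so that both entries are picked up. Traffic is only blocked by rules whose action is `drop` or `reject`; `alert` rules still forward the packet.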