I’m having trouble finding out the right way to implement an IDS/IPS system in inline mode on my bridge interface!
Is this possible? I mean, can you have (Suricata + XDP + eBPF) in transparent mode?
Does it work for you without eBPF/XDP? I would start from there.
Consider Suricata in inline mode as a “pipe” that receives packets from one interface and forwards them to the other and vice versa. So in inline mode you want to have two interfaces which Suricata connects.
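The two-interface "pipe" described above, as an added example that is not part of the original thread: an AF_PACKET inline section for `suricata.yaml` without eBPF/XDP. The interface names `eth0` and `eth1` and the cluster ids are placeholders, and the example assumes the two interfaces are not also members of a kernel bridge, since Suricata does the forwarding itself.

```yaml
# Added example: AF_PACKET inline (IPS) pairing of two interfaces.
# eth0/eth1 are placeholder names; substitute the two ports Suricata should connect.
# Start with: suricata -c suricata.yaml --af-packet
af-packet:
  # Direction 1: packets arriving on eth0 are inspected, then copied out eth1.
  - interface: eth0
    threads: 1
    cluster-id: 98              # must differ from the peer interface's id
    cluster-type: cluster_flow
    defrag: no                  # do not let the kernel reassemble before forwarding
    use-mmap: yes
    copy-mode: ips              # ips = drop verdicts are enforced; tap = forward everything
    copy-iface: eth1            # the other end of the pipe

  # Direction 2: the mirror image, eth1 back to eth0.
  - interface: eth1
    threads: 1                  # keep thread counts equal on both sides
    cluster-id: 97
    cluster-type: cluster_flow
    defrag: no
    use-mmap: yes
    copy-mode: ips
    copy-iface: eth0
```

Rules only block traffic in this mode when they use the `drop` action; `alert` rules still forward the packet.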