Hi *, I've been trying to setup suricata in IPS-mode. So that every packet that passes in from a specific interface "A" is processed by suricata and passed out on egress. This seems to be not as trivial as expected after reading the package manual. I can see that the packets are passed into suricata but afterwards alot of connections are dropped and not correctly routed back to their origin. Do you have an working example for me or an explanation how to treat packets after they've been processed by suricata ? Or where these packets are even coming from ? (Which interface etc. pp. is it still the same interface as they've been entering ?)
I'd love a hint ! Best regards and thanks for your work, Stephan
