<div dir="ltr"><div>I want to deploy suricata as IPS in my vpc,</div>There are multiple network interfaces in my CVM, This CVM as a router between several vpcs,<div>so this CVM will forward other vpc's traffic.</div><div>For example i have eth0, eth1, eth2 three nics</div><div>How to configure the af_packet ips?</div><div><br></div><div><br></div><div><div> af-packet:</div>- interface: eth0<br>threads: auto<br>defrag: yes<br>cluster-type: cluster_flow<br>cluster-id: 99<br>copy-mode: ips<br>copy-iface: eth1<br>buffer-size: 64535<br>use-mmap: yes<br><br>- interface: eth0<br>threads: auto<br>defrag: yes<br>cluster-type: cluster_flow<br>cluster-id: 98<br>copy-mode: ips<br>copy-iface: eth2<br>buffer-size: 64535<br>use-mmap: yes<br><br>- interface: eth1<br>threads: auto<br>cluster-id: 97<br>defrag: yes<br>cluster-type: cluster_flow<br>copy-mode: ips<br>copy-iface: eth0<br>buffer-size: 64535<br>use-mmap: yes<br><br>- interface: eth1<br>threads: auto<br>cluster-id: 96<br>defrag: yes<br>cluster-type: cluster_flow<br>copy-mode: ips<br>copy-iface: eth2<br>buffer-size: 64535<br>use-mmap: yes<br><br>- interface: eth2<br>threads: auto<br>cluster-id: 95<br>defrag: yes<br>cluster-type: cluster_flow<br>copy-mode: ips<br>copy-iface: eth0<br>buffer-size: 64535<br>use-mmap: yes<br><br>- interface: eth2<br>threads: auto<br>cluster-id: 94<br>defrag: yes<br>cluster-type: cluster_flow<br>copy-mode: ips<br>copy-iface: eth1<br>buffer-size: 64535<br>use-mmap: yes</div></div>