services.suricata.settings.host-mode
NixOS option
If the Suricata box is a router for the sniffed networks, set it to ‘router’. If it is a pure sniffing setup, set it to ‘sniffer-only’. If set to auto, the variable is internally switched to ‘router’ in IPS mode and ‘sniffer-only’ in IDS mode. This feature is currently only used by the reject* keywords.
type: one of "router", "sniffer-only", "auto"Default
declared in: nixos/modules/services/networking/suricata/default.nixView source on NixOS/nixpkgs →"auto"