Hello :)
While testing Suricata, I noticed it does not seem to monitor traffic destined for the firewall itself. What I did to find this was enable the ET_DNS rules and attempt to resolve a .tk domain using nslookup. When using an external DNS server (such as Google), I receive alerts in Suricata. But when I use OPNsense itself as the DNS server and attempt to resolve the same domain, I receive no such alerts. Is this normal? Is it possible to configure Suricata to monitor the firewall itself for certain alerts (not just DNS)?