Snort IPS bypass blocking

1. First of all, I use the snort-2.9.9.0 version. The mirrored data on the switch is used to communicate with the outside world to eth0,eth1. You can make sure that the data has been mirrored to eth0;
2.iptables and put the PREROUTING and INPUT,FORWORD of eth0 port nat into NFQUEUE. HOME_NET any
4. Set in
3.snort.conf The problem I encounter now is: when I set up local.rules, enter the command snort-Q-- daq nfq-- daq-var device=eth0-- daq-var queue=1-c etc/snort.conf, if it is any < > any, you can see that there is log input in alert, but there is no IP record related to my communication test program (IP is non-native). When I execute snort-v, you can see my test IP record, and tcpdump grabs the eth0 package. But from the beginning to the end, my communication test was not blocked, and there was no record of my testing IP in the alert file.
5. I would like to ask all the great gods, what is wrong with my configuration? do you need special configuration, or does snort"s IPS do not support bypass blocking? if not, can you provide a better open source bypass blocking IPS? -sharp-sharp-sharp problem description

the environmental background of the problems and what methods you have tried

related codes

/ / Please paste the code text below (do not replace the code with pictures)

what result do you expect? What is the error message actually seen?

C
Mar.30,2021
MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1b3df6e-e926.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1b3df6e-e926.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?