[Unit]
Description=Suricata IDS/IDP daemon
After=network.target
Requires=network.target
Documentation=man:suricata(8) man:suricatasc(8)
Documentation=https://redmine.openinfosecfoundation.org/projects/suricata/wiki

[Service]
Type=simple
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW
RestrictAddressFamilies=
ExecStart=/usr/bin/suricata -c /etc/suricata/suricata.yaml eth0
ExecReload=/bin/kill -HUP $MAINPID
PrivateTmp=yes
ProtectHome=yes
ProtectSystem=yes

[Install]
WantedBy=multi-user.target