[Snort-users] From IDS to IPS

James Lay jlay at ...13475...
Mon Apr 7 16:48:00 EDT 2014

On 2014-04-07 10:31, Teo En Ming wrote:
> Dear James,
> May I know what is nfq?
> After reading through your email, I still have no idea how to go 
> about
> converting Snort from IDS to IPS.
> Could you write a more detailed manual, covering every single step
> along the way?
> Teo En Ming

NFQ is the linux netfilter queue...basically you setup snort and 
netfilter to instead of detect, to block.  I've sent Joel a writeup on 


More information about the Snort-users mailing list