[Snort-users] From IDS to IPS

James Lay jlay at ...13475...
Mon Apr 7 16:48:00 EDT 2014


On 2014-04-07 10:31, Teo En Ming wrote:
> Dear James,
>
> May I know what is nfq?
>
> After reading through your email, I still have no idea how to go 
> about
> converting Snort from IDS to IPS.
>
> Could you write a more detailed manual, covering every single step
> along the way?
>
> Teo En Ming
>

NFQ is the linux netfilter queue...basically you setup snort and 
netfilter to instead of detect, to block.  I've sent Joel a writeup on 
it.

James





More information about the Snort-users mailing list