[Snort-users] From IDS to IPS

Joel Esler (jesler) jesler at ...589...
Mon Apr 7 16:54:04 EDT 2014

On Apr 7, 2014, at 4:48 PM, James Lay <jlay at ...13475...<mailto:jlay at ...13810...5...>> wrote:

On 2014-04-07 10:31, Teo En Ming wrote:
Dear James,

May I know what is nfq?

After reading through your email, I still have no idea how to go
converting Snort from IDS to IPS.

Could you write a more detailed manual, covering every single step
along the way?

Teo En Ming

NFQ is the linux netfilter queue...basically you setup snort and
netfilter to instead of detect, to block.  I've sent Joel a writeup on

Just posted:


Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Vulnerability Research Team

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140407/795a276f/attachment.html>

More information about the Snort-users mailing list