NFQ IPS mode or AF_PACKET IPS mode?

Hack3rcon · November 11, 2023, 5:12am

Hello,
Is it better to run Suricata in the NFQ IPS mode or AF_PACKET IPS mode? What environment are each suitable for?

Thank you.

calelin · January 7, 2024, 10:33pm

Use AF_PACKET IPS Mode when you need high performance and resource efficiency, and you have the necessary permissions and constraints to run it as root.
Use NFQ IPS Mode when you need more flexibility in packet filtering and want to integrate Suricata with other Netfilter-based tools like iptables. It’s also a good choice for less performance-critical environments.

Topic		Replies	Views
Af-packet vs nfqueue in IPS mode Help	1	432	May 16, 2023
A question about choosing a network card Help	6	222	October 3, 2023
Question about use queue mode accept Help ips , suricata	1	244	September 13, 2023
Suricata-IDS in AF_PACKET IPS mode and IP ranges Help	5	206	November 16, 2023
IPTables and IPS Mode Help ips	3	600	February 22, 2023