NFQ IPS mode or AF_PACKET IPS mode?

Hack3rcon · November 11, 2023, 5:12am

Hello,
Is it better to run Suricata in the NFQ IPS mode or AF_PACKET IPS mode? What environment are each suitable for?

Thank you.

calelin · January 7, 2024, 10:33pm

Use AF_PACKET IPS Mode when you need high performance and resource efficiency, and you have the necessary permissions and constraints to run it as root.
Use NFQ IPS Mode when you need more flexibility in packet filtering and want to integrate Suricata with other Netfilter-based tools like iptables. It’s also a good choice for less performance-critical environments.

Topic		Replies	Views
Af-packet vs nfqueue in IPS mode Help	1	683	May 16, 2023
A question about choosing a network card Help	6	314	October 3, 2023
Question about use queue mode accept Help ips , suricata	1	341	September 13, 2023
Suricata-IDS in AF_PACKET IPS mode and IP ranges Help	5	344	November 16, 2023
IPTables and IPS Mode Help ips	3	836	February 22, 2023