michaelrash.blogspot.com — Most iptables policies employ a "default QUEUE" stance when snort_inline is being used. This has the advantage of sending every packet to snort_inline, but this also comes at a price in terms of performance. By using fwsnort, you can change the "default QUEUE" stance to "only QUEUE if a packet contains malicious data".
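As an added illustration of the two stances described above (this is example code, not from the post and not fwsnort's own implementation), the sketch below turns a Snort rule's content match into an iptables string-match rule that jumps to QUEUE only when the payload matches, next to the "default QUEUE" rule it would replace. The Snort rules, sids and messages are constructed for the example.

```python
import re

# Constructed sample Snort-style rules; sids and messages are invented for this example.
SAMPLE_RULES = [
    'alert tcp any any -> any 80 (msg:"WEB cmd.exe access"; content:"cmd.exe"; nocase; sid:1002;)',
    'alert tcp any any -> any 25 (msg:"SMTP probe"; content:"|45 48 4c 4f|"; sid:9001;)',
    'alert udp any any -> any 53 (msg:"DNS oddity"; content:"|00 00 fc|"; sid:9002;)',
]

HEADER_RE = re.compile(
    r'^alert\s+(?P<proto>tcp|udp)\s+\S+\s+\S+\s+->\s+\S+\s+(?P<dport>\d+|any)\s+\((?P<opts>.*)\)\s*$'
)
# Matches `key:"value";`, `key:value;` and bare flags such as `nocase;`.
OPTION_RE = re.compile(r'(\w+)(?::"?([^";]*)"?)?;')


def parse_rule(rule):
    """Pull out the header fields and options a string-match translation needs."""
    m = HEADER_RE.match(rule.strip())
    if not m:
        raise ValueError("unsupported rule header: %r" % rule)
    opts = {key: value for key, value in OPTION_RE.findall(m.group("opts"))}
    if "content" not in opts:
        raise ValueError("rule has no content match, nothing for -m string to test")
    return {"proto": m.group("proto"), "dport": m.group("dport"),
            "content": opts["content"], "nocase": "nocase" in opts,
            "sid": opts.get("sid", "unknown")}


def default_queue_rule(chain="FORWARD"):
    """The 'default QUEUE' stance: every packet in the chain is handed to userspace."""
    return "iptables -A %s -j QUEUE" % chain


def selective_queue_rule(parsed, chain="FORWARD"):
    """Only QUEUE packets whose payload carries the Snort content (the fwsnort idea)."""
    parts = ["iptables", "-A", chain, "-p", parsed["proto"]]
    if parsed["dport"] != "any":
        parts += ["--dport", parsed["dport"]]
    # Snort's |..| hex notation maps onto the string match's --hex-string option.
    flag = "--hex-string" if parsed["content"].startswith("|") else "--string"
    parts += ["-m", "string", flag, '"%s"' % parsed["content"], "--algo", "bm"]
    if parsed["nocase"]:
        parts.append("--icase")
    parts += ["-m", "comment", "--comment", '"sid:%s"' % parsed["sid"], "-j", "QUEUE"]
    return " ".join(parts)


def build_policy(rules, chain="FORWARD"):
    """Translate a whole ruleset; traffic matching none of these rules never reaches the queue."""
    return [selective_queue_rule(parse_rule(r), chain) for r in rules]
```

Because only payloads that match a rule are queued, the per-packet userspace round trip is paid only for traffic the kernel has already flagged, which is where the performance gain comes from.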
Apr 21, 2007

michaelrash (Submitter), Apr 22, 2007:
In some cases, using a policy built by fwsnort in this way can result in as much as a 57% performance boost in snort_inline. The link above has some performance numbers created with netperf to illustrate this.