Hi,
I have a question about the performance of Linux firewalls such as Netfilter or nftables in comparison with the well-known IDS/IPS tools like Suricata and Snort. I know that Netfilter applies the match procedure in kernel space, but the other open source firewalls apply these rules in userspace; does it mean that things go faster in Netfilter? Is there any kind of resource (book, paper, ...) that discusses such a subject?