The utilization of the Internet of Things (IoT) has surged in recent years. Fog computing is a paradigm that addresses cloud computing's limitations by offering low latency to IoT network user applications. However, the significant number of networked IoT devices, the large scale of the IoT, security concerns, users’ critical data, and heterogeneity in this extensive network significantly complicate the implementation. The IoT-Fog architecture consists of fog devices (servers) at the fog layer, which decrease network utilization and response time due to their closeness to IoT devices. However, as the number of IoT and fog devices under the IoT-Fog architecture grows, new security concerns and requirements emerge. Because incorporating fog computing into IoT networks introduces some vulnerabilities to IoT-Fog networks, the nodes in the fog layer are the target of security threats. Software-Defined Networking (SDN) is a novel paradigm that decouples the data plane from the control plane, resulting in better programmability and manageability. Attack defense mechanisms can be implemented in the IoT-Fog network without SDN, but the SDN paradigm provides the IoT-Fog network with some characteristics that facilitate countering attacks. This survey briefly explains some works that use SDN features in the IoT-Fog network to address security threats in the IoT-oriented fog layer. To this end, we examine IoT-Fog, SDN, and SDN-based IoT-Fog networks. We describe security threats in IoT-Fog networks and briefly explain the vulnerabilities and attacks in the fog layer. Then, we describe the most common security defense mechanisms for the fog layer of IoT-Fog networks. Following that, we present the SDN features, explore how SDN can help defensive mechanisms in IoT-Fog networks, and categorize the works based on the SDN features they use. We explain their features and present a comparison between them. Finally, we discuss the disadvantages of SDN in IoT-Fog networks.