[Snort-users] Snort and Firewalls

David Harris davidh at ...643...
Sun Oct 15 15:28:13 EDT 2000


I have never heard of anyone running snort on their firewall itself...
Is there a reason for this besides fear of performance hits on the firewall?
This is what I do on my network... I have my gateway set up using iptables
for my firewall and I have snort (with the Acid frontend) listening on my
inside interface... This way I can have one sensor that sees all the traffic
that gets through the firewall (which is what I am worried about mostly
anyway). Is there something bad/wrong about doing this I should know?

- Thanks
  David Harris
  Network Engineer
  CiberLynx



