[Snort-users] combination of snort & ipchains

[andy lowton]

>>>>> On Tue, 16 Jan 2001, "Avleen" == Avleen Vig wrote:

  Avleen> Fyodor:  Same things happens on FreeBSD with IPF.  If IPF blocks /
  Avleen> drops a packet, SNORT cannot pick it up :( Read my last mail about
  Avleen> VLANs which I'm going to try next

Interesting, I run IPF and Snort on the same interface under OpenBSD and Snort 
picks everything up whatever IPF does.

Maybe the original poster is doing his tests from a network that Snort doesn't 
consider to be 'external' and the rules are configured to look for external->
home?

Cheers

Andy

---------------------------------------
E-Mail: andy at ...586...
PGP/GnuPG Key available on request
Cultivating a healthy uptime addiction
---------------------------------------