[Snort-users] Where does Snort sit...

John Sage jsage at ...2022...
Sun May 13 04:00:33 EDT 2001

...as it were, in relation to ppp0 and ipchains?

As I understand it, now I've got:

               |              firewall box               |

Internet <---> ppp0 <-> ipchains <-> portsentry <-> eth0 <---> LAN

Does Snort sit between ppp0 and ipchains (which is what I hope..) or is 
it after ipchains and thus is going to see only the stuff that ipchains 
lets it?

Or does Snort get to the packets before ipchains does?

What I hope to do is more detailed probe analysis via Snort, and if it's 
behind ipchains I may have to open up my rules a little :-0


- John

John Sage
FinchHaven, Vashon Island, WA, USA
mailto:jsage at ...2022...
And remember: it's spelled l-i-n-u-x, but it's pronounced "Linux"

More information about the Snort-users mailing list