[Snort-users] snort & iptables

Jacob Redding dextor at ...7323...
Thu Dec 19 13:20:09 EST 2002


  I think the question is asking what application gets the packets first,
Snort or IPTables.
  Since iptables works with the kernel, and they are dropped by the
kernel, iptables is first. All packets that make it past iptables are then
passed to applications (I'm not talking layers, just an analogy), in this
case snort.
  At least I'm 99.99% sure that iptables comes first, but I've been wrong
in the past.

  So in short: Iptables --> Snort

-Jacob

On Wed, 18 Dec 2002, twig les wrote:

> Packet analyzing can be done if you let zero packets
> thru your host firewall, whichever one you want to
> use.  Unless you have connected the two features thru
> Guardian or something they don't have any direct
> relationship that pops into my head.
>
>
> --- Eduard San Anselmo Mateu
> <esananselmo at ...6002...> wrote:
> >
> > Hello everyone,
> > I'm using snort+iptables on the same box, and I have
> > one question for you: what
> > comes first, packet analyzing (snort) or packet
> > filtering (iptables)?
> > Thanks in advance
>
>
> =====
> -----------------------------------------------------------
> If you give a man a fish, he can eat for a day
> If you bludgeon him to death, you can eat the fish yourself
> -----------------------------------------------------------



