[Snort-users] Preventing Attacks

Snort listsnort at ...2811...
Mon Jul 1 09:36:09 EDT 2002


> Although my experience is still back on ipchains, the answer in that
> case is that -- when snort and ipchains are on the same box -- snort
> sees everything that ipchains sees.
> 
> Not what's left over, but *everything*..
> 
> I have not heard anything to the contrary about iptables, again, when
> snort and iptables *are on the same box*
> 
> (I emphasize that because invariably this sort of discussion gets
> garbled by people who are running snort on a *different box* than the
> ipchains/iptables box. Then snort only sees what ip[chains|tables] has
> passed..)

Just to confirm that this is indeed correct.  Regardless of what rules are in iptables, Snort will still see the traffic.

Matt.




More information about the Snort-users mailing list