[Snort-users] Snort + ipchains

John Sage jsage at ...2022...
Sun Mar 3 21:09:05 EST 2002


If I've understood your question correctly, yes, snort will see packets
that are DENY'ed by ipchains *if* snort is running on the same box as

That's exactly what I'm doing, and snort sees everything ipchains

If snort is off on another box, behind the ipchains box, it's another
matter entirely.


- John

Most people don't type their own logfiles;  but, what do I care?

On Sun, Mar 03, 2002 at 08:35:05PM -0500, Ashley Thomas wrote:
> hi,
> I need to run snort inside the firewall as well as outside it.
> I need to run outside to know the attacks which cannot make it thru
> the firewall.
> So if i run snort on the same machine , will snort see the packets which
> are blocked by the firewall (ipchains).
> thanks
> ashley

More information about the Snort-users mailing list