[Snort-users] Snort + ipchains

John Sage jsage at ...2022...
Sun Mar 3 21:09:05 EST 2002


Ashley:

If I've understood your question correctly, yes, snort will see packets
that are DENY'ed by ipchains *if* snort is running on the same box as
ipchains.

That's exactly what I'm doing, and snort sees everything ipchains
does.

If snort is off on another box, behind the ipchains box, it's another
matter entirely.

HTH..


- John

-- 
Most people don't type their own logfiles;  but, what do I care?



On Sun, Mar 03, 2002 at 08:35:05PM -0500, Ashley Thomas wrote:
> hi,
> 
> I need to run snort inside the firewall as well as outside it.
> 
> I need to run outside to know the attacks which cannot make it thru
> the firewall.
> 
> So if i run snort on the same machine , will snort see the packets which
> are blocked by the firewall (ipchains).
> 
> thanks
> ashley




More information about the Snort-users mailing list