[Snort-users] iptables vs snort vs portsentry order
sonia at ...8932...
Sun Apr 20 21:02:07 EDT 2003
In what order would packets traverse iptables, snort, & portsentry?
I've printed and read both the FAQ & 'Snort Overview'; searching the archives
> Jacob Redding
> Since iptables works with the kernel, and they are dropped by the
> kernel, iptables is first. All packets that make it past iptables are then
> passed to applications (I'm not talking layers, just an analogy), in this
> case snort.
> This seems to contradict the conclusion I got from the list archives.
> It seems that iptables is processing traffic before snort gets a chance to
> see it. Snort is putting the NIC in promiscuous mode. But it doesn't see
> traffic iptables is configured to block unless I flush the IPtables rules.
> Is something misconfigured with snort for me? Did I draw the wrong
> conclusion from the list?
So from these it would seem that iptables sees the packets before snort; how
would portsentry fit in here?
Sonia | GNU/Linux - free as in 'free speech',
| not 'free beer'.