[Snort-users] Newbie question

Erick Mechler emechler at ...7719...
Mon Apr 21 12:55:04 EDT 2003


:: I am now to IDS and Snort and have a question.  Does having iptable rules
:: setup on the machine affect it in any way?  Oh, it will be behind our
:: firewall.

Chris, if you have firewall software installed on the same system as your 
IDS, then the FW won't affect what your IDS can see.  Snort uses libpcap, 
which is lower on the TCP stack than your FW, so it will see packets before 
they get dropped.

Also, please be sure to check the FAQs and the mailing list archives for
information before posting to the list in the future.  This question has
been answered a few times already in the past.

Cheers - Erick




More information about the Snort-users mailing list