[Snort-users] snort + iptables

andrea andrea.gasparetto at ...12680...
Fri Nov 26 00:48:24 EST 2004

I was wondering :
If I put snort on the same machine iptables is running both will catch the 
same packets or frames?
I think this is a waste of resources, isn't it?
I know snort_inline accepts only packets from iptables, so that's OK!
But what about snort? It is still using libpcap to catch the traffic, how can 
I make it listen only to the traffic iptables filter?

More information about the Snort-users mailing list