[Snort-users] Who is first

Nick Hatch nick at ...11410...
Thu Mar 10 19:09:49 EST 2005

Snort sees the traffic first, before IPtables because it is monitoring 
the interface in promiscuous mode. See section 3.13 in the FAQ for more 

Postfix, being an application, will see the traffic last.


Eduardo E. Silva wrote:

>On a RH 9 box I have Postfix, snort and IPtables. If an email with a
>content I don't want such a SPAM. Who sees first this stream ? Postfix
>filters ? IPtables's rules or Snort smtp.rules ?
Nick Hatch
ResTek Consultant
restek.wwu.edu

