[Snort-users] Startup error post-package install

Research research at ...17107...
Thu Feb 26 20:32:58 EST 2015


On Feb 26, 2015, at 4:27 PM, James Lay <jlay at ...13475...> wrote:
>> One last question remains - my firewall is set to block all ICMP traffic and this shows up when running a ping on another machine against the firewall - the responses are dropped and ping breaks.  However, on the server that the firewall is on, Snort is able to see the ICMP traffic and fire the rule.
>> 
>> 
>> Does this mean that Snort is looking at traffic *BEFORE* iptables blocks/allows it?
>> 
>> 
>> Thanks
> 
> Indeed it is.
> 
> James

Hi,

Thanks.  I thought that was the case, based on the results I observed, but I had been under the impression that iptables took precedence.  Appreciate knowing how the stack works and where Snort plugs in.


