locking down snort

["Jose Guevarra" <jose () iquest ucsb edu>]

Hi,


 I have some machines running snort.  I'd like to restrict ssh/http and
other access to them. However, I'm not sure if in doing so, would snort not
'grab' and analyze traffic hitting those ports.  I guess I'm asking 

- if I blocked those ports from the outside world would I still detect say a
port scan on those ports?

- Who captures the packets first: Firewall(IPTABLES) or SNORT?

Thanks, 



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------