Snort mailing list archives

Re: Snort and IPtables...


From: Erick Mechler <emechler () techometer net>
Date: Tue, 25 Mar 2003 14:26:12 -0800

:: I'm curious how Snort (well at least libpcap) is affected by IPtables? 
:: <assumptions> Libpcap operates at layer 2 and IPtables above that </assumptions> 
:: If that is the case I'm assuming that IPtables could be tightened down without interference with Snort? I'm sure
:: that I'm way off, so please enlighten me.

Yup, you're right.  libpcap is below firewalling software in the stack, so
it'll see everything that crosses the wire, even things (eventually)  
dropped by the firewall (whatever it happens to be, and even if it's a
kernel-level firewall).

Cheers - Erick

