Snort mailing list archives
RE: Snort and IPtables...
From: "Tobias Rice" <rice () up edu>
Date: Tue, 25 Mar 2003 14:33:24 -0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thanks again you all! </gratuitous email...> - -----Original Message----- From: Erick Mechler [mailto:emechler () techometer net] Sent: Tuesday, March 25, 2003 2:26 PM To: Tobias Rice Cc: snort-users () lists sourceforge net Subject: Re: [Snort-users] Snort and IPtables... :: I'm curious how Snort (well at least libpcap) is affected by IPtables? :: <assumptions> Libpcap operates at layer 2 and IPtables above that </assumptions> :: If that is the case I'm assuming that IPtables could be tightened down without interference with Snort? I'm sure that I'm way off, so please enlighten me. Yup, you're right. libpcap is below firewalling software in the stack, so it'll see everything that crosses the wire, even things (eventually) dropped by the firewall (whatever it happens to be, and even if it's a kernel-level firewall). Cheers - Erick -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 iQA/AwUBPoDZNMNinOuDXR1bEQKJYgCgwbmp1a5F2rnWodoxk8aFoyvnWAgAoMa9 YGtJx9GEcIVPdIKwegQa/Z11 =dJRk -----END PGP SIGNATURE----- ------------------------------------------------------- This SF.net email is sponsored by: The Definitive IT and Networking Event. Be There! NetWorld+Interop Las Vegas 2003 -- Register today! http://ads.sourceforge.net/cgi-bin/redirect.pl?keyn0001en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort and IPtables... Tobias Rice (Mar 25)
- Re: Snort and IPtables... Phil Wood (Mar 25)
- Re: Snort and IPtables... Erick Mechler (Mar 25)
- RE: Snort and IPtables... Tobias Rice (Mar 25)
- Re: Snort and IPtables... Peter VE (Mar 25)
- Re: Snort and IPtables... Matt Kettler (Mar 25)
- RE: Snort and IPtables... Tobias Rice (Mar 25)