Snort mailing list archives

Re: Startup error post-package install


From: Research <research () nativemethods com>
Date: Thu, 26 Feb 2015 20:32:58 -0500


On Feb 26, 2015, at 4:27 PM, James Lay <jlay () slave-tothe-box net> wrote:
One last question remains - my firewall is set to block all ICMP traffic and this shows up when running a ping on another machine against the firewall - the responses are dropped and ping breaks.  However, on the server that the firewall is on, Snort is able to see the ICMP traffic and fire the rule.


Does this mean that Snort is looking at traffic *BEFORE* iptables blocks/allows it?


Thanks
------------------------------------------------------------------------------

Indeed it is.

James

Hi,

Thanks.  I thought that was the case, based on the results I observed, but I had been under the impression that iptables took precedence.  Appreciate knowing how the stack works and where Snort plugs in.