No, it sees everything. For example running at my WAN though nearly everything is blocked it detects portscans too and will block this IP (if enabled) so it can't start a bruteforce against my open ports. If you are lucky it will even block the intruder before it reaches open ports on your system for example :-)
Holger > -----Original Message----- > From: Jason J. Ellingson [mailto:[EMAIL PROTECTED] > Sent: Wednesday, October 04, 2006 3:58 PM > To: [email protected] > Subject: RE: [pfSense-discussion] IDS yet? > > > So far, I like the new Snort package. Very nice and easy to set up. > You have my praises! > > If I am correct, the Snort package only sees traffic that was not > blocked by firewall rules? > > - Jason >
