Lowell Gilbert wrote:
K Anderson <[EMAIL PROTECTED]> writes:
I figure that the firewall should block the traffic first so as to prevent ruled traffic from coming in and then, in my thinking, snort shouldn't see it.
Hopefully somebody might have an explanation with the why's and how comes one way or the other.
Your way would rule out sniffing of third-party traffic.
So then it is normal behaviour for snort to see the packets then get to the firewall and then be processed? I'm up to 10K+ Cyberkit 2.2 packets in a 24 hour period.
_______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"