Lowell Gilbert wrote:
K Anderson <[EMAIL PROTECTED]> writes:


                                                            I figure
that the firewall should block the traffic first so as to prevent
ruled traffic from coming in and then, in my thinking, snort shouldn't
see it.

Hopefully somebody might have an explanation with the why's and how
comes one way or the other.


Your way would rule out sniffing of third-party traffic.

So then it is normal behaviour for snort to see the packets then get to the firewall and then be processed? I'm up to 10K+ Cyberkit 2.2 packets in a 24 hour period.


_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to