Hello,
I would like to verify the order in which incoming packets are processed
by pfSense. Currently I have two pfSense 2.0.1-RELEASE boxes in a failover
setup. Both boxes have Snort installed.
My "assumptions" are:
1) Packets are evaluated by firewall rules first
2) Packets are then seen by Snort (based on the fact that I am only
currently running Snort on the WAN interface)
3) NAT Tables are evaluated
4) Packets are sent to DMZ web servers.
My question is, are these assumptions correct? If not could someone
please post the corrected order?
Based on these assumptions I am planning to block all but expected
traffic with the firewall rules, run all passed traffic through Snort
rules with automatic blocking, run a Snort rule set that has some
very broad-scope rules first that pertain to traffic it should not
normally see in case I misconfigure something in the firewall rules,
then apply more specific attack rules for the traffic that I am
allowing through, and finally pass traffic to the DMZ via their NAT'd addresses.
Sound reasonable or am I missing the mark completely?
Thank You,
JohnM
_______________________________________________
List mailing list
http://lists.pfsense.org/mailman/listinfo/list
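Added example, not part of JohnM's post or of pfSense's generated ruleset: a hand-written pf.conf fragment for the DMZ web server case, assuming the WAN interface is em0, the WAN address is 203.0.113.10 and the DMZ web server is 10.0.0.5 (all constructed values). It illustrates the ordering pf itself documents between assumptions 1 and 3: rdr translation is applied before the filter rules, so the pass rule must match the translated DMZ address, not the WAN address.

```pf
# Constructed values (not from the post): assumed interface and addresses
ext_if  = "em0"            # assumed WAN interface
wan_ip  = "203.0.113.10"   # assumed WAN address (documentation range)
dmz_web = "10.0.0.5"       # assumed DMZ web server behind the firewall

# Default deny on WAN, logged, so anything the pass rule below does not
# explicitly allow is dropped and shows up in the firewall log.
block in log on $ext_if all

# Translation rules run before filtering: an inbound packet addressed to
# $wan_ip:80 is rewritten to $dmz_web:80 before any filter rule is consulted.
rdr on $ext_if proto tcp from any to $wan_ip port 80 -> $dmz_web port 80

# The filter rule therefore has to match the translated destination
# ($dmz_web). A rule written "to $wan_ip port 80" would never match,
# and the default block above would drop the web traffic.
pass in quick on $ext_if proto tcp from any to $dmz_web port 80 \
    flags S/SA keep state
```

On a running box, `pfctl -s nat` and `pfctl -s rules` show the translation and filter rules pfSense actually loaded, which is the quickest way to confirm which address the generated pass rules match on.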