This is not necessarily true. I have one setup where I have snort and firewall (SunScreen) on the same machine. In most cases, the firewall has blocked the packet before snort able to capture and analyze it. I think it depends on the priority level of your firewall within the kernel itself. I havent tried iptables/ipchains cum snort though.
In the dynamic configuration of firewall, I think you are referring to snort logs/report not rules because the rules remains the same. The rules instruct the snort daemon which packets to analyze, how and what alert to trigger. rowel On Tue, 12 Nov 2002, Jimmy wrote: > actually installing iptables/ipchains together with snort + blockit or > guardian is the ideal firewall solution. having this setup it makes a > dynamic firewall allowing all your services and block all malicious > connection by reading your rules in the snort. > > > On Tue, 12 Nov 2002 15:24:32 +0800 > "Ronald Warner" <[EMAIL PROTECTED]> wrote: > > > plugmembers, what are your thoughts on having both an ids (such as > > snort) and a firewall in the same box? is it advisable? thanks. > > _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
