On Tue, 12 Nov 2002 19:06:23 +1100 (EST) Rowel Atienza <[EMAIL PROTECTED]> wrote:

> This is not necessarily true. I have one setup where I have snort and
> firewall (SunScreen) on the same machine. In most cases, the firewall has
> blocked the packet before snort is able to capture and analyze it. I think it
> depends on the priority level of your firewall within the kernel itself. I
> haven't tried iptables/ipchains cum snort though.

Which is not true? Doesn't a firewall + snort + guardian make a dynamic
firewall? I guess not, snort runs and makes your interface promiscuous, as
well as the firewall with content filtering (iptables or maybe your
sunscreen). Snort is cool with other firewalls that can't do content
filtering (ipchains, ipfwadm, ipfw, ipfilter) due to some reasons and letting
other programs like snort parse the content for filtering. And this
setup makes your box a dynamic firewall.

> In the dynamic configuration of firewall, I think you are referring to
> snort logs/report not rules because the rules remain the same. The rules
> instruct the snort daemon which packets to analyze, how and what alert to
> trigger.
>
> rowel

True, that's what I'm talking about.

> On Tue, 12 Nov 2002, Jimmy wrote:
>
> > Actually, installing iptables/ipchains together with snort + blockit or
> > guardian is the ideal firewall solution. Having this setup makes a
> > dynamic firewall, allowing all your services and blocking all malicious
> > connections by reading your rules in snort.
> >
> >
> > On Tue, 12 Nov 2002 15:24:32 +0800
> > "Ronald Warner" <[EMAIL PROTECTED]> wrote:
> >
> > > plugmembers, what are your thoughts on having both an ids (such as
> > > snort) and a firewall in the same box? Is it advisable? Thanks.

--
Jimmy Lim
Operation & Support Team Leader
Tricom
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph
To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
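
The snort + guardian/blockit arrangement discussed in this thread comes down to reading Snort alerts and turning offending source addresses into firewall rules. The sketch below is an added example, not part of the thread and not Guardian's or blockit's own code. It assumes alerts in Snort's "fast" one-line format; `block_commands`, `NEVER_BLOCK` and the sample alerts are hypothetical and constructed for illustration.

```python
import ipaddress
import re

# Snort "fast" alert: time [**] [gid:sid:rev] msg [**] ... [Priority: n] {PROTO} src -> dst
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?"
)

# Constructed sample alerts using documentation address ranges, not real traffic.
SAMPLE_ALERTS = """\
11/12-19:06:23.101 [**] [1:1000001:1] Constructed web probe [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:40122 -> 192.0.2.10:80
11/12-19:06:24.220 [**] [1:1000002:1] Constructed ICMP ping [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.9 -> 192.0.2.10
11/12-19:06:25.734 [**] [1:1000001:1] Constructed web probe [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.1:51515 -> 192.0.2.10:80
11/12-19:06:26.002 [**] [1:1000001:1] Constructed web probe [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.7:40123 -> 192.0.2.10:80
not an alert line
"""

# Hosts that must never be blocked (gateway, DNS, admin host). Without this,
# an alert carrying a spoofed source could make the box cut off its own gateway.
NEVER_BLOCK = [ipaddress.ip_network("192.0.2.0/28")]


def block_commands(alert_text, max_priority=1, never_block=NEVER_BLOCK):
    """Return one iptables DROP command (as an argv list) per offending source."""
    seen, commands = set(), []
    for line in alert_text.splitlines():
        m = ALERT_RE.search(line)
        if not m or int(m["prio"]) > max_priority:
            continue  # unparsable line, or alert not severe enough to block on
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # looked like an address but is not a valid one
        if src in seen or any(src in net for net in never_block):
            continue  # already handled, or explicitly protected
        seen.add(src)
        commands.append(["iptables", "-I", "INPUT", "-s", str(src), "-j", "DROP"])
    return commands


if __name__ == "__main__":
    for argv in block_commands(SAMPLE_ALERTS):
        print(" ".join(argv))  # printed for review, not executed
```

The Snort rules themselves stay unchanged, as Rowel notes; only the firewall's block list changes as alerts arrive.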
