from the test i ran, yes it does... however, i think it depends on which machine snort is running on and which machine the firewall software is running on.
my slack box is set up to masquerade my LAN as a firewall/gateway using netfilter. i installed snort on this same machine for the test. i then ssh'd to a remote shell account and tried to telnet back into my network, which netfilter DROPs by default. snort picked up all incoming TCP packets, as did netfilter. if snort was running on a machine other than the firewall/gateway, such as an internal host, i don't believe it would pick up the packets, as they would never be routed to the internal host.
anyone have an idea as to what might happen if the packets were REJECT'd instead of DROP'd?
cheers