Yes, I can attest to this. I fwed off near everything and I see nothing in my snort logs.
- k ----- Original Message ----- From: "TD - Sales International Holland B.V." <[EMAIL PROTECTED]> To: "Claudiu Ionescu" <[EMAIL PROTECTED]>; "Security Basics" <[EMAIL PROTECTED]> Sent: Monday, October 01, 2001 9:27 AM Subject: Re: Snort question-follow-up > Firewall first, if you had read the docs you would have seen that snort > doesn't see packets dropped by the firewall, so if snort is awfully quiet > your firewall is probably blocking a lot. > > Regards > > On Thursday 27 September 2001 19:21, Claudiu Ionescu stuffed this into my > mailbox: > > Hi all, > > Some answers are pro some are con. Can someone clear things up? Any guru > > listening? > > The question is: do packets pass through ipchains/iptable first or not? > > > > Peter Mueller wrote: > > > > Question: Would packets that are dropped by the filtering > > > > rules reach snort? > > > > Please explain your answer. Thank you. > > > > > > No. Snort functions post-kernel space. On linux the packet filtering > > > (ipchains, iptables) is done at the kernel level.
