Date: Fri, 12 Jan 2001 13:46:14 -0300 (ART)
From: Fernando Gleiser <fgleiser@cactus.fi.uba.ar>
To: Mark Rowlands <mark.rowlands@minmail.net>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: what happens first when ipf / snort reject packets
Message-ID: <Pine.BSF.4.21.0101121333340.37678-100000@cactus.fi.uba.ar>
In-Reply-To: <01011122293900.01277@web1.tninet.se>

On Thu, 11 Jan 2001, Mark Rowlands wrote:

> I have finally switched my home gateway from NT to FreeBSD woohoo!. and I
> got a job so it's been a good day already, however :-
>
> I am running 4.2 stable with ipf and ipnat and with snort enabled on the
> external interface.
>
> Stupid question I guess, but which takes precedence, if ipf blocks a packet,
> does this mean snort never sees it? I guess tomorrow I will put the gateway
> on a hub and check this out but it would be nice if anyone knows this and can
> tell me before I go to bed and stop me lying there thinking about it:-)

Snort sees all the packets, regardless of whether ipf blocks them or not. That is because snort uses bpf(4), which is at a lower level than ipf.

> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message