From owner-freebsd-questions Thu Jan 11 13:37:44 2001 Delivered-To: freebsd-questions@freebsd.org Received: from rush.telenordia.se (mail.telenordia.se [194.213.64.42]) by hub.freebsd.org (Postfix) with SMTP id 416B037B400 for ; Thu, 11 Jan 2001 13:37:19 -0800 (PST) Received: (qmail 19392 invoked from network); 11 Jan 2001 22:37:16 +0100 Received: from bb-62-5-7-230.bb.tninet.se (HELO web1.tninet.se) (62.5.7.230) by mail.telenordia.se with SMTP; 11 Jan 2001 22:37:16 +0100 From: Mark Rowlands Reply-To: mark.rowlands@minmail.net To: freebsd-questions@freebsd.org Subject: what happens first when ipf / snort reject packets Date: Thu, 11 Jan 2001 22:29:39 +0100 X-Mailer: KMail [version 1.1.99] Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Message-Id: <01011122293900.01277@web1.tninet.se> Content-Transfer-Encoding: 8bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I have finally switched my home gateway from NT to FreeBSD woohoo!. and I got a job so its been a good day already, however :- I am running 4.2 stable with ipf and ipnat and with snort enabled on the external interface. Stupid question I guess, but which takes precedence, if ipf blocks a packet, does this mean snort never sees it? I guess tomorrow I will put the gateway on a hub and check this out but it would be nice if anyone knows this and can tell me before I go to bed and stop me lying there thinking about it:-) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message