Date: Tue, 26 Aug 2003 18:00:22 -0700
From: K Anderson <freebsduser@comcast.net>
To: Lowell Gilbert <freebsd-questions-local@be-well.no-ip.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: IPFW & ICMP
Message-ID: <3F4C02A6.2060302@comcast.net>
In-Reply-To: <448ypgvd0q.fsf@be-well.ilk.org>
References: <Pine.BSF.4.21.0308251956020.37550-100000@server1.ultratrends.com> <3F4AD0BA.7050201@comcast.net> <448ypgvd0q.fsf@be-well.ilk.org>

Lowell Gilbert wrote:
> K Anderson <freebsduser@comcast.net> writes:
>
>> I figure
>> that the firewall should block the traffic first so as to prevent
>> ruled traffic from coming in and then, in my thinking, snort shouldn't
>> see it.
>>
>> Hopefully somebody might have an explanation with the why's and how
>> comes one way or the other.
>
> Your way would rule out sniffing of third-party traffic.

So then it is normal behaviour for snort to see the packets then get to
the firewall and then be processed? I'm up to 10K+ Cyberkit 2.2 packets
in a 24 hour period.