IDS mailing list archives

Re: Snort & iptables on the same box

From: snort user <snort.user () gmail com>
Date: Mon, 13 Jun 2005 18:25:04 -0400

Iptables has a bunch of rules
one of them will say 'forward to QUEUE'
Snort picks up from this QUEUE and marks it PASS or BLOCK
Iptables actually drops on that decision
Other IPtables rules are not affected


On 6/10/05, Jean-Pierre Denis <jp () webglobe ca> wrote:

Hi,


 When running snort and iptables on the same box, which of the 2 act first ?

 Those it go thru snort and then the iptable rule allow or deny the
connection
 or it's the other way around


Merci,
JP


-----------------------------------------
 WebMail Powered by WebGlobe.
 http://www.webglobe.ca


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------

Current thread:

Snort & iptables on the same box Jean-Pierre Denis (Jun 12)
- Re: Snort & iptables on the same box Will Metcalf (Jun 14)
  - Re: Snort & iptables on the same box Michael Boman (Jun 16)
- Re: Snort & iptables on the same box Joachim Schipper (Jun 14)
- Re: Snort & iptables on the same box Michael Boman (Jun 14)
- Re: Snort & iptables on the same box snort user (Jun 16)