Snort mailing list archives

iptables vs snort vs portsentry order


From: Sonia Hamilton <sonia () cat org au>
Date: Mon, 21 Apr 2003 13:59:58 +1000

In what order would packets traverse iptables, snort, & portsentry?

I've printed and read both the FAQ & 'Snort Overview'; searching the archives
I've found:

http://marc.theaimsgroup.com/?l=snort-users&m=104033416708534&w=2
Jacob Redding
Since iptables works with the kernel, and they are dropped by the
kernel, iptables is first. All packets that make it past iptables are then
passed to applications (I'm not talking layers, just an analogy), in this
case snort.

http://marc.theaimsgroup.com/?l=snort-users&m=100164539612753&w=2
JSeddon
     This seems to contradict the conclusion I got from the list archives.
It seems that iptables is processing traffic before snort gets a chance to
see it.  Snort is putting the NIC in promiscuous mode.  But it doesn't see
traffic iptables is configured to block unless I flush the IPtables rules.
Is something misconfigured with snort for me?  Did I draw the wrong
conclusion from the list?

So from these it would seem that iptables sees the packets before snort; how
would portsentry fit in here?

--
Sonia                     |   GNU/Linux - free as in 'free speech',
                          |   not 'free beer'.


