Lowell Gilbert freebsd-questions-local at be-well.no-ip.com
Tue Aug 26 05:06:48 PDT 2003

K Anderson <freebsduser at comcast.net> writes:

>                                                              I figure
> that the firewall should block the traffic first so as to prevent
> ruled traffic from coming in and then, in my thinking, snort shouldn't
> see it.
> Hopefully somebody might have an explanation with the why's and how
> comes one way or the other.

Your way would rule out sniffing of third-party traffic.

More information about the freebsd-questions mailing list