IPFW & ICMP

[Lowell Gilbert]

K Anderson <freebsduser at comcast.net> writes:

>                                                              I figure
> that the firewall should block the traffic first so as to prevent
> ruled traffic from coming in and then, in my thinking, snort shouldn't
> see it.
> 
> Hopefully somebody might have an explanation with the why's and how
> comes one way or the other.

Your way would rule out sniffing of third-party traffic.