IPFW & ICMP
freebsd-questions-local at be-well.no-ip.com
Tue Aug 26 05:06:48 PDT 2003
K Anderson <freebsduser at comcast.net> writes:
> I figure
> that the firewall should block the traffic first so as to prevent
> ruled traffic from coming in and then, in my thinking, snort shouldn't
> see it.
> Hopefully somebody might have an explanation with the why's and how
> comes one way or the other.
Your way would rule out sniffing of third-party traffic.
More information about the freebsd-questions