IPFW & ICMP
K Anderson
freebsduser at comcast.net
Tue Aug 26 18:00:36 PDT 2003
Lowell Gilbert wrote:
> K Anderson <freebsduser at comcast.net> writes:
>
>
>> I figure
>>that the firewall should block the traffic first so as to prevent
>>ruled traffic from coming in and then, in my thinking, snort shouldn't
>>see it.
>>
>>Hopefully somebody might have an explanation with the why's and how
>>comes one way or the other.
>
>
> Your way would rule out sniffing of third-party traffic.
So then it is normal behaviour for snort to see the packets then get to
the firewall and then be processed? I'm up to 10K+ Cyberkit 2.2 packets
in a 24 hour period.
More information about the freebsd-questions
mailing list