K Anderson freebsduser at comcast.net
Tue Aug 26 18:00:36 PDT 2003

Lowell Gilbert wrote:
> K Anderson <freebsduser at comcast.net> writes:
>>                                                             I figure
>>that the firewall should block the traffic first so as to prevent
>>ruled traffic from coming in and then, in my thinking, snort shouldn't
>>see it.
>>Hopefully somebody might have an explanation with the why's and how
>>comes one way or the other.
> Your way would rule out sniffing of third-party traffic.

So then it is normal behaviour for snort to see the packets, then get to
the firewall and then be processed? I'm up to 10K+ Cyberkit 2.2 packets
in a 24-hour period.

More information about the freebsd-questions mailing list