Re: Running snort on a firewall - advisable?
On Tue, Apr 02, 2002 at 10:40:25AM -0500, Nick Busigin wrote:
> I had a discussion recently with a fellow sysadmin regarding the wisdom
> of running snort on a firewall machine.
If it is a Linux 2.4.x firewall, snort (at least 1.7 from testing) will
not see any of the dropped packets. I experienced this after upgrading
the kernel of my ADSL router and allowing only related and established
connections incoming, dropping the rest.
See also http://www.snort.org/docs/faq.html#4.3 on this, and
http://www.snort.org/docs/faq.html#2.3
regards
FS