Greetings from newbie.. I've been asked by my customer that with snort package installed, how does the sequence of packet flow? Is the packet being sniffed by snort first before the firewall or is it the other way.
They are saying that it should be going thru the snort first so that attacks can be detected and mitigated before it is process by pfsense firewall rules.
Can someone enlighten me?
Appreciate all your response.
sniffed first: promiscuous mode