3. Order of Processing? - PFBlockerNH/Snort

Order of Processing? - PFBlockerNH/Snort

  • J

    Hi,

    If I have both PFBlockerNG and Snort running which gets processed first?

    Or…..

    Will Snort record an alert for an IP that is blocked by PFBlockerNG?

    Granted I may be a little confused as I am a bit new to all of this....

    Thanks,

    JB

    0

  • Snort's blocks are inserted in one of the first few tables in the firewall chain, so generally Snort blocks happen early in a packet's traversal of the rules.

    Snort uses libpcap to get copies of packets flowing through the interface for inspection.  That means it will always see a packet even if that packet is later dropped by the firewall.  Snort sees traffic raw straight off the interface before the firewall rules have acted upon it.

    Bill

    0
  • J

    Excellent! That's was I was hoping.

    Thanks,

    JB

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy