3. Order of Processing? - PFBlockerNH/Snort

Order of Processing? - PFBlockerNH/Snort

  • J

    Hi,

    If I have both PFBlockerNG and Snort running which gets processed first?

    Or…..

    Will Snort record an alert for an IP that is blocked by PFBlockerNG?

    Granted I may be a little confused as I am a bit new to all of this....

    Thanks,

    JB

    0

  • Snort's blocks are inserted in one of the first few tables in the firewall chain, so generally Snort blocks happen early in a packet's traversal of the rules.

    Snort uses libpcap to get copies of packets flowing through the interface for inspection.  That means it will always see a packet even if that packet is later dropped by the firewall.  Snort sees traffic raw straight off the interface before the firewall rules have acted upon it.

    Bill

    0
  • J

    Excellent! That's was I was hoping.

    Thanks,

    JB

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy