On Tue, Apr 02, 2002 at 10:40:25AM -0500, Nick Busigin wrote: > I had a discussion recently with a fellow sysadmin regarding the wisdom > of running snort on a firewall machine.
If it is a linux 2.4.x firewall, snort (at least 1.7 from testing) will not see any of the dropped packets. I experienced this after upgrading the kernel of my ADSL router and allowing only related and established connections incoming dropping the rest. See also http://www.snort.org/docs/faq.html#4.3 on this, and http://www.snort.org/docs/faq.html#2.3 regards FS -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
