I believe this question was answered several times and someone went as far to give you a link to a document on snort's website that sums it up very well. Not sure if you read it (I know I did). Your little snippet of an answer at the bottom is the correct answer. If you lost the link that the person kindly provided you with (he kind of did your homework for you) mail me off list and I will reprovide it for you.
Cheers, Leon -----Original Message----- From: Claudiu Ionescu [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 27, 2001 1:22 PM To: Security Basics Subject: Re: Snort question-follow-up Hi all, Some answers are pro some are con. Can someone clear things up? Any guru listening? The question is: do packets pass through ipchains/iptable first or not? Peter Mueller wrote: > > > Question: Would packets that are dropped by the filtering > > rules reach snort? > > Please explain your answer. Thank you. > > No. Snort functions post-kernel space. On linux the packet filtering > (ipchains, iptables) is done at the kernel level.