[Firehol-support] Re: snort and firehol: can they co-exist peacefully?
R G Cottrell
rossco at froggy.com.au
Tue Aug 3 08:35:54 BST 2004
Daniel Pittman wrote:
>On 3 Aug 2004, R. G. Cottrell wrote:
>
>
>>I'm running a Debian GNU/Linux system (2.4.18 kernel) and I'd like to
>>know whether firehol and snort can work together peacefully.
>>
>>
>
>[...]
>
>
>
>>I'm nervous, though. Wouldn't snort set up a firewall after boot time
>>and overwrite the firewall that firehol has set up. Do I have to run
>>firehol again after snort has initialised?
>>
>>
>
>Unless something has changed since last time I looked, snort did not
>have anything to do with firewalls of any sort.
>
>Doesn't it just collect raw packets from the network and report on them?
>
>Neither the website or the package description suggest that this has
>changed.
>
>
>I think that you are making the mistaken assumption that a firewall is
>involved in anything to do with raw packet management -- which isn't
>actually the case.
>
> Daniel
>
>
Thanks, Daniel. It is now clear to me that the intrusion detection that
snort does is quite distinct from actually protecting the machine as
firehol does.
This raises another question, though - whether snort reports on incoming
packets before they hit the firewall or after, but I guess that's a
question for
the snort support people (or preferably a Reading of The Fine Manual).
Regards, Ross.
More information about the Firehol-support
mailing list