View Single Post
  #1   (View Single Post)  
Old 24th September 2008
WeakSauceIII WeakSauceIII is offline
Port Guard
 
Join Date: May 2008
Posts: 36
Default PF + SNORT on one machine

I use OpenBSD 4.3 for my home NAT/firewall. I recently installed SNORT 2.8.0.1 on the same machine. According to the SNORT website FAQ, SNORT will see all packets on the external interface even if PF blocks them. This seems to not be the case for OpenBSD. Does anyone know why SNORT cannot see packets that PF blocks when both PF and SNORT are operating on the same external interface? I want to see scans and other activity in the SNORT alert log even if PF blocked those packets.
Reply With Quote