snort and iptables

Pietro Abate abate at
Wed Jul 3 21:38:45 EST 2002

hi everybody.
I'm trying to set up snort, but I'm in trouble.
Since I'm already using iptables to block unwanted traffic (with 
really strict rules) when snort starts sniffing on my interface it sees
only the already filtered traffic. This is the 'intrusion detection
system' mode, but I would like to use it as an 'attack detection

I guess that using tun/tap modules it is possible to do something like

incoming traffic ------> eth0 (iptables) ---> my pc
                   \_____(snort) ---> log file

in other words, as it is possible to attach a stealth machine to a
network and use it as an ids, I'm sure it is possible to attach snort in front
of iptables and analyze all the traffic before blocking it.

Has anybody any thoughts about that? I read docs around, but I didn't
find any suitable solution.
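One way to get the "see it before it is blocked" view on the same box, added here as an example and not taken from the post: copy every incoming packet to user space with a non-terminating NFLOG rule placed ahead of the restrictive rules, so a sniffer attached to the nflog group still sees what the DROP policy later discards. It assumes iptables with the NFLOG target, a libpcap able to read nflog:GROUP (e.g. tcpdump -i nflog:1), and eth0 plus TCP ports 22/80 as placeholder values.

```shell
#!/bin/sh
# Example (not from the post): build an INPUT rule set that mirrors packets
# to NFLOG before any ACCEPT/DROP rule runs. Prints the rules by default;
# APPLY=1 executes them (needs root and the NFLOG target, Linux 2.6.14+).
# IFACE, ALLOWED_TCP and NFLOG_GROUP are assumed placeholder values.

IFACE="${IFACE:-eth0}"
ALLOWED_TCP="${ALLOWED_TCP:-22 80}"
NFLOG_GROUP="${NFLOG_GROUP:-1}"

# Emit one iptables command per line, in the order it must be applied.
build_rules() {
    echo "iptables -F INPUT"
    echo "iptables -P INPUT DROP"
    # Mirror first: NFLOG is non-terminating, so after the copy is handed to
    # user space the packet keeps traversing the chain and is filtered normally.
    echo "iptables -A INPUT -i $IFACE -j NFLOG --nflog-group $NFLOG_GROUP --nflog-prefix 'pre-filter'"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for p in $ALLOWED_TCP; do
        echo "iptables -A INPUT -i $IFACE -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Anything else falls through to the DROP policy, but was already mirrored.
}

# Sanity check on a rule list read from stdin: succeed (exit 0) only if the
# NFLOG mirror rule appears before the first ACCEPT or DROP rule.
mirror_precedes_filters() {
    awk '/-j NFLOG/ && !seen_filter { ok = 1 }
         /-j (ACCEPT|DROP)/ { seen_filter = 1 }
         END { exit ok ? 0 : 1 }'
}

if [ "${APPLY:-0}" = 1 ]; then
    build_rules | mirror_precedes_filters || { echo "mirror rule misplaced" >&2; exit 1; }
    build_rules | sh -e
else
    build_rules
fi
```

A libpcap sniffer bound directly to eth0 already sees ingress frames before netfilter's INPUT chain examines them; the NFLOG copy is for when you want the capture to come from the firewall itself, tagged with its prefix and group.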

