From c39f3c12c9ea366fd584e8e1e2122a7e4cbb66e1 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Sat, 16 Jan 2010 08:32:24 -0800
Subject: [PATCH] Add FAQ about Snort

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 docs/FAQ.xml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/docs/FAQ.xml b/docs/FAQ.xml
index 161a9f937..2528f222c 100644
--- a/docs/FAQ.xml
+++ b/docs/FAQ.xml
@@ -2619,5 +2619,16 @@ loc                $FW                     ACCEPT           </programlisting>
       loc-&gt;$FW since those rules are redundant with the above
       policies.</para>
     </section>
+
+    <section id="faq87">
+      <title>(FAQ 87) Can I run Snort with Shorewall?</title>
+
+      <para><emphasis role="bold">Answer</emphasis>: Yes. In <emphasis>Network
+      Intrusion Detection System (NIDS) mode</emphasis>, Snort is libpcap
+      based (like tcpdump) so it doesn't interfere with Shorewall. We have had
+      reports that users have also been successful in using Snort in
+      <emphasis>inline</emphasis> more with Shorewall, but no HOWTO exists at
+      this time.</para>
+    </section>
   </section>
 </article>