Hi
As far as I know, iptables and snort are user-space tools, so they should interact with the kernel to do their tasks.
I am curious to know how iptables and snort interact with the kernel.
I have found some information on the Internet that there are five netfilter hooks (with the same names as iptables' chains) where iptables registers its own tables. But unfortunately I had no success searching for snort.
I would like to know how they interact with the kernel because I might use them simultaneously. In a scenario to drop SSH packets (using OpenAppID in snort and dropping packets on port 22 in iptables), I found that snort has priority over iptables, meaning that if snort accepts a packet while iptables drops it, the final result is that the packet will be accepted.
"Snort 1.x versions can analyze layer 3 and 4 headers but are not able to analyze application layer protocols. Upcoming Snort version 2 is expected to add support of application layer headers as well."
In your case most probably iptables and snort are running in different chains. Please check the iptables chain specification carefully and make sure iptables will receive the packet first.
(For example, PREROUTING is processed before INPUT, etc.)
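The ordering point in the answer can be made concrete with a small model of how a single iptables chain is walked. The code below is an added illustration, not netfilter or Snort code and not part of the original thread. It assumes the setup the question implies: Snort runs inline and receives its packets from an iptables NFQUEUE rule (the nfq DAQ), so from the kernel's point of view Snort is just the user-space process that answers the verdict for a queued packet. Its modelling assumption is that a queue verdict ends traversal of that chain the same way the ACCEPT and DROP targets do; the rule names and the `permissive_ids` stand-in are constructed for the example.

```python
# Toy model of first-match traversal of one iptables chain, showing why the
# position of a DROP rule relative to the NFQUEUE rule that feeds an inline IDS
# decides which verdict wins. Added illustration; not netfilter or Snort code.
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class Packet:
    proto: str
    dport: int


@dataclass(frozen=True)
class Rule:
    target: str                   # "ACCEPT", "DROP" or "NFQUEUE"
    proto: Optional[str] = None   # None means "match any"
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return self.proto in (None, pkt.proto) and self.dport in (None, pkt.dport)


Verdict = str
IdsFn = Callable[[Packet], Verdict]


def permissive_ids(pkt: Packet) -> Verdict:
    """Constructed stand-in for the user-space IDS holding the queue: it has no
    signature that flags SSH, so it answers ACCEPT for everything it is given."""
    return "ACCEPT"


def traverse_chain(rules: List[Rule], pkt: Packet, ids: IdsFn,
                   policy: Verdict = "ACCEPT") -> Verdict:
    """Walk the chain top to bottom; the first matching terminating rule wins.
    Modelling assumption: the user-space verdict for a queued packet ends the
    traversal of this chain just as ACCEPT/DROP would."""
    for rule in rules:
        if not rule.matches(pkt):
            continue
        if rule.target in ("ACCEPT", "DROP"):
            return rule.target
        if rule.target == "NFQUEUE":
            # The kernel parks the packet until the queue owner answers.
            return ids(pkt)
    return policy  # chain policy applies when nothing matched


# The same two rules in both orders, as they might appear in the INPUT chain.
IDS_FIRST = [Rule("NFQUEUE"), Rule("DROP", proto="tcp", dport=22)]
DROP_FIRST = [Rule("DROP", proto="tcp", dport=22), Rule("NFQUEUE")]

SSH = Packet("tcp", 22)      # constructed sample packets
HTTPS = Packet("tcp", 443)


def verdicts() -> Dict[str, Verdict]:
    """Verdicts for the constructed packets under both rule orders."""
    return {
        "ssh_ids_first": traverse_chain(IDS_FIRST, SSH, permissive_ids),
        "ssh_drop_first": traverse_chain(DROP_FIRST, SSH, permissive_ids),
        "https_drop_first": traverse_chain(DROP_FIRST, HTTPS, permissive_ids),
    }


if __name__ == "__main__":
    for name, verdict in verdicts().items():
        print(f"{name}: {verdict}")
```

With the NFQUEUE rule first, the IDS accepting SSH is the final word for that chain and the later DROP rule is never reached, which is the behaviour the question reports. Placing the port-22 DROP above the NFQUEUE rule in the same chain (in real iptables, for example by inserting it with `iptables -I INPUT 1 ...`) makes the kernel discard the packet before Snort ever sees it, while other traffic still reaches the IDS.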