Differences

This shows you the differences between two versions of the page.

--- pfsense:suricata:install_suricata:create_suppress_lists [2021/01/15 14:18] – created peter
+++ pfsense:suricata:install_suricata:create_suppress_lists [2021/01/22 13:55] (current) – [Pass List] peter
@@ Line 1: / Line 1: @@
 ====== PFSense - Suricata - Install Suricata - Create Suppress Lists ======
+To suppress certain snort and ET signatures since initially there a bunch of False Positives.
 I prefer having different Suppress lists for each interface.
@@ Line 12: / Line 14: @@
   * Name:  **WANSuppressList**.
   * Description:  **WAN Suppress List**.
+  * Click **Save**.
 ----
@@ Line 22: / Line 25: @@
   * Name:  **LANSuppressList**.
   * Description:  **LAN Suppress List**.
+  * Click **Save**.
 ----
@@ Line 32: / Line 36: @@
   * Name:  **ClearSuppressList**.
   * Description:  **Clear Suppress List**.
+  * Click **Save**.
 ----
@@ Line 42: / Line 47: @@
   * Name:  **IOTSuppressList**.
   * Description:  **IOT Suppress List**.
+  * Click **Save**.
 ----
@@ Line 52: / Line 58: @@
   * Name:  **GuestSuppressList**.
   * Description:  **GUEST Suppress List**.
+  * Click **Save**.
 ----
+Return to [[PFSense:Suricata:Install Suricata]] or continue to [[PFSense:Suricata:Install Suricata:Have Suricata Monitor the WAN Interface|Have Suricata Monitor the WAN Interface]].
+----
+===== Pass List =====
+<WRAP alert>
+**ALERT:**  DO NOT CREATE A PASS LIST!!!
+At **Services -> Suricata -> Pass List**.
+Realistically, about the only time that you should require a Passlist is if you are running a honeypot host and you actually want bad stuff to find its way to that host.
+In that situation, a passlist makes sense.
+For about any other case, it does not.
+Use custom PASS rules instead if you really need passlist functionality.
+</WRAP>