Differences

This shows you the differences between two versions of the page.

--- pfsense:suricata:install_suricata:create_suppress_lists [2021/01/22 12:19] – peter
+++ pfsense:suricata:install_suricata:create_suppress_lists [2021/01/22 13:55] (current) – [Pass List] peter
@@ Line 1: / Line 1: @@
 ====== PFSense - Suricata - Install Suricata - Create Suppress Lists ======
+To suppress certain snort and ET signatures since initially there a bunch of False Positives.
 I prefer having different Suppress lists for each interface.
@@ Line 60: / Line 62: @@
 ----
-Return to [[PFSense:Suricata:Install Suricata]] or continue to [[PFSense:Suricata:Install Suricata:Create Suppress Lists|Create Suppress Lists]].
+Return to [[PFSense:Suricata:Install Suricata]] or continue to [[PFSense:Suricata:Install Suricata:Have Suricata Monitor the WAN Interface|Have Suricata Monitor the WAN Interface]].
 ----
+===== Pass List =====
+<WRAP alert>
+**ALERT:**  DO NOT CREATE A PASS LIST!!!
+At **Services -> Suricata -> Pass List**.
+Realistically, about the only time that you should require a Passlist is if you are running a honeypot host and you actually want bad stuff to find its way to that host.
+In that situation, a passlist makes sense.
+For about any other case, it does not.
+Use custom PASS rules instead if you really need passlist functionality.
+</WRAP>