PFSense - Suricata - Install Suricata - Create Suppress Lists

PFSense - Suricata - Install Suricata - Create Suppress Lists

To suppress certain snort and ET signatures since initially there a bunch of False Positives.

I prefer having different Suppress lists for each interface.

Create a Suppress List for the WAN Interface

Navigate to Services → Suricata → Suppress.

Click Add.
Name: WANSuppressList.
Description: WAN Suppress List.
Click Save.

Create a Suppress List for the LAN Interface

Navigate to Services → Suricata → Suppress.

Click Add.
Name: LANSuppressList.
Description: LAN Suppress List.
Click Save.

Create a Suppress List for the CLEAR Interface

Navigate to Services → Suricata → Suppress.

Click Add.
Name: ClearSuppressList.
Description: Clear Suppress List.
Click Save.

Create a Suppress List for the IOT Interface

Navigate to Services → Suricata → Suppress.

Click Add.
Name: IOTSuppressList.
Description: IOT Suppress List.
Click Save.

Create a Suppress List for the GUEST Interface

Navigate to Services → Suricata → Suppress.

Click Add.
Name: GuestSuppressList.
Description: GUEST Suppress List.
Click Save.

Return to Install Suricata or continue to Have Suricata Monitor the WAN Interface.

Pass List

ALERT: DO NOT CREATE A PASS LIST!!!

At Services → Suricata → Pass List.

Realistically, about the only time that you should require a Passlist is if you are running a honeypot host and you actually want bad stuff to find its way to that host.

In that situation, a passlist makes sense.

For about any other case, it does not.

Use custom PASS rules instead if you really need passlist functionality.

Table of Contents

PFSense - Suricata - Install Suricata - Create Suppress Lists

Create a Suppress List for the WAN Interface

Create a Suppress List for the LAN Interface

Create a Suppress List for the CLEAR Interface

Create a Suppress List for the IOT Interface

Create a Suppress List for the GUEST Interface

Pass List