Table of Contents
PFSense - Suricata - Install Suricata - Create Suppress Lists
To suppress certain snort and ET signatures since initially there a bunch of False Positives.
I prefer having different Suppress lists for each interface.
Create a Suppress List for the WAN Interface
Navigate to Services → Suricata → Suppress.
- Click Add.
- Name: WANSuppressList.
- Description: WAN Suppress List.
- Click Save.
Create a Suppress List for the LAN Interface
Navigate to Services → Suricata → Suppress.
- Click Add.
- Name: LANSuppressList.
- Description: LAN Suppress List.
- Click Save.
Create a Suppress List for the CLEAR Interface
Navigate to Services → Suricata → Suppress.
- Click Add.
- Name: ClearSuppressList.
- Description: Clear Suppress List.
- Click Save.
Create a Suppress List for the IOT Interface
Navigate to Services → Suricata → Suppress.
- Click Add.
- Name: IOTSuppressList.
- Description: IOT Suppress List.
- Click Save.
Create a Suppress List for the GUEST Interface
Navigate to Services → Suricata → Suppress.
- Click Add.
- Name: GuestSuppressList.
- Description: GUEST Suppress List.
- Click Save.
Return to Install Suricata or continue to Have Suricata Monitor the WAN Interface.
Pass List
ALERT: DO NOT CREATE A PASS LIST!!!
At Services → Suricata → Pass List.
Realistically, about the only time that you should require a Passlist is if you are running a honeypot host and you actually want bad stuff to find its way to that host.
In that situation, a passlist makes sense.
For about any other case, it does not.
Use custom PASS rules instead if you really need passlist functionality.