PFSense - Suricata - Install Suricata - Have Suricata Monitor the WAN Interface

Navigate to Services → Suricata → Interfaces.

Click Add.

In General Settings:

  • Enable: Checked.
  • Interface: WAN (pppoe0).
  • Description: WAN.


In Logging Settings:

  • Send Alerts to System Log: Not Checked.
  • Enable Stats Collection: Not Checked.
  • Enable HTTP Log: Checked.
  • Append HTTP Log: Checked.
  • Log Extended HTTP Info: Checked.
  • Enable TLS Log: Not Checked.
  • Enable File-Store: Not Checked.
  • Enable Packet Log: Not Checked.
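With EVE JSON output left off (below), the plain-text HTTP log is what this configuration leaves behind for review. The following is an added example, not code from the page or from the pfSense Suricata package; it assumes the line layout of Suricata's http.log with extended info enabled (timestamp, host, then URI, User-Agent, Referer, method, protocol, status and body length separated by ` [**] `, ending with `src:port -> dst:port`) and works on constructed sample lines, so the field order is an assumption to verify against your own log.

```python
import re
from collections import defaultdict

# Constructed sample lines (not real traffic) in the assumed extended http.log layout.
SAMPLE_HTTP_LOG = """\
01/22/2021-13:54:00.123456 www.example.com [**] /index.html [**] Mozilla/5.0 [**] <no referer> [**] GET [**] HTTP/1.1 [**] 200 [**] 1256 bytes [**] 192.0.2.10:51234 -> 198.51.100.7:80
01/22/2021-13:54:01.223456 www.example.com [**] /wp-login.php [**] python-requests/2.25 [**] <no referer> [**] POST [**] HTTP/1.1 [**] 403 [**] 0 bytes [**] 203.0.113.44:40001 -> 198.51.100.7:80
01/22/2021-13:54:02.323456 www.example.com [**] /wp-login.php [**] python-requests/2.25 [**] <no referer> [**] POST [**] HTTP/1.1 [**] 403 [**] 0 bytes [**] 203.0.113.44:40002 -> 198.51.100.7:80
01/22/2021-13:54:03.423456 198.51.100.7 [**] /admin/config.php [**] curl/7.64 [**] <no referer> [**] GET [**] HTTP/1.0 [**] 404 [**] 0 bytes [**] 203.0.113.44:40003 -> 198.51.100.7:80
"""

# Field order after the timestamp, as assumed for the extended log format.
FIELD_NAMES = ("host", "uri", "user_agent", "referer", "method", "protocol", "status", "length")


def _split_endpoint(endpoint):
    # rpartition so an IPv6 address containing colons still separates from its port
    ip, _, port = endpoint.rpartition(":")
    return ip, int(port)


def parse_http_line(line):
    """Parse one extended http.log line into a dict; return None for lines that do not fit."""
    timestamp, sep, rest = line.strip().partition(" ")
    if not sep:
        return None
    fields = rest.split(" [**] ")
    if len(fields) != len(FIELD_NAMES) + 1:
        return None
    rec = dict(zip(FIELD_NAMES, fields[:-1]))
    rec["timestamp"] = timestamp
    try:
        src, _, dst = fields[-1].partition(" -> ")
        rec["src"], rec["sport"] = _split_endpoint(src)
        rec["dst"], rec["dport"] = _split_endpoint(dst)
        rec["status"] = int(rec["status"])
        rec["length"] = int(rec["length"].split()[0])  # "1256 bytes" -> 1256
    except (ValueError, IndexError):
        return None
    return rec


def summarize_clients(log_text):
    """Per-client request count, error (4xx/5xx) count, hosts contacted and user agents seen."""
    per_client = defaultdict(lambda: {"requests": 0, "errors": 0, "hosts": set(), "agents": set()})
    for line in log_text.splitlines():
        rec = parse_http_line(line)
        if rec is None:
            continue  # skip malformed or truncated lines rather than abort the whole review
        c = per_client[rec["src"]]
        c["requests"] += 1
        if rec["status"] >= 400:
            c["errors"] += 1
        c["hosts"].add(rec["host"])
        c["agents"].add(rec["user_agent"])
    return dict(per_client)


def noisy_clients(summary, min_errors=2):
    """Clients that keep hitting error responses: review these before deciding on suppression rules."""
    return sorted(ip for ip, c in summary.items() if c["errors"] >= min_errors)


if __name__ == "__main__":
    summary = summarize_clients(SAMPLE_HTTP_LOG)
    for ip in noisy_clients(summary):
        print(ip, summary[ip]["requests"], "requests,", summary[ip]["errors"], "errors, hosts:", sorted(summary[ip]["hosts"]))
```

Run it against the interface's http.log instead of the embedded sample by passing the file contents to `summarize_clients`; a client with a high error ratio and a scripted User-Agent is usually the first thing to check against the alerts that Block Offenders acted on.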


In EVE Output Settings:

  • EVE JSON Log: Not Checked.


In Alert and Block Settings:

  • Block Offenders: Checked.
  • IPS Mode: Legacy Mode.
  • Kill States: Checked.
  • Which IP to Block: Both.
  • Block On DROP Only: Not Checked.


In Performance and Detection Engine Settings:

  • Run Mode: AutoFP.
  • Max Pending Packets: 1024.
  • Detect-Engine Profile: High.
  • Pattern Matcher Algorithm: Auto.
  • Signature Group Header MPM Context: Auto.
  • Inspection Recursion Limit: 3000.
  • Delayed Detect: Not Checked.
  • Promiscuous Mode: Checked.
  • Interface PCAP Snaplen: 1518.


In Networks Suricata Should Inspect and Protect:

  • Home Net: default.
  • External Net: default.
  • Pass List: default.
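With Block Offenders in Legacy Mode, Which IP to Block set to Both, and Block On DROP Only unchecked, every alert on the WAN adds both endpoints of the flow to the block table unless the Pass List spares them, which is why the Pass List and Home Net defaults above matter. The following is an added example, not code from the page or from the pfSense package: it replays constructed alert lines in Suricata's fast-log layout against a constructed pass list (standing in for the pfSense default entries) to show which addresses would end up blocked under each Which IP to Block choice. The rule SIDs and messages are made up for the sample.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample alerts (made-up SIDs in the local range) in Suricata's fast-log layout.
SAMPLE_ALERTS = """\
01/22/2021-13:54:10.000001  [**] [1:9000001:1] LOCAL suspicious response from web server [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.44:80 -> 192.0.2.10:51234
01/22/2021-13:54:11.000002  [**] [1:9000002:1] LOCAL inbound probe to database port [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.9:44122 -> 192.0.2.10:1433
01/22/2021-13:54:12.000003  [**] [1:9000002:1] LOCAL inbound probe to database port [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.9:44123 -> 192.0.2.10:1433
01/22/2021-13:54:13.000004  [**] [1:9000003:1] LOCAL policy outbound scripted client [**] [Classification: Potentially Bad Traffic] [Priority: 3] {TCP} 192.0.2.10:40010 -> 198.51.100.7:80
"""

# IPv4 only; the fast-log fields this example relies on.
FAST_RE = re.compile(
    r"\[\*\*\] \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) \[\*\*\] .*?"
    r"\[Priority: (?P<prio>\d+)\] \{(?P<proto>\w+)\} "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_alert(line):
    """Parse one fast-log alert line; return None if it does not match the layout."""
    m = FAST_RE.search(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("gid", "sid", "rev", "prio", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec


def simulate_blocks(alert_text, pass_list, which="both"):
    """Return the IPs Legacy Mode blocking would add to the block table and the ones the pass list spares.

    which mirrors the Which IP to Block setting: "both", "src" or "dst".
    Counts are alerts per address, so a host can appear once in each result.
    """
    nets = [ipaddress.ip_network(n, strict=False) for n in pass_list]
    blocked, passed = Counter(), Counter()
    for line in alert_text.splitlines():
        a = parse_alert(line)
        if a is None:
            continue
        candidates = {"both": (a["src"], a["dst"]), "src": (a["src"],), "dst": (a["dst"],)}[which]
        for ip in candidates:
            addr = ipaddress.ip_address(ip)
            if any(addr in net for net in nets):
                passed[ip] += 1   # pass list wins, even though the alert still fires
            else:
                blocked[ip] += 1
    return {"blocked": dict(blocked), "passed": dict(passed)}


if __name__ == "__main__":
    # Constructed pass list standing in for the default entries (local networks, WAN IP, gateways).
    result = simulate_blocks(SAMPLE_ALERTS, ["192.0.2.0/24"], which="both")
    print("would block:", result["blocked"])
    print("spared by pass list:", result["passed"])
    print("with an empty pass list:", simulate_blocks(SAMPLE_ALERTS, [])["blocked"])
```

The empty-pass-list run shows the failure mode to watch for: with Both selected, an alert on traffic that your own host initiated puts that host in the block table along with the remote peer, and with Kill States checked its existing connections are torn down as well. Keeping the default Pass List is what prevents that. On the firewall itself the live table can be listed with `pfctl -t snort2c -T show`, the pf table the pfSense package uses for Legacy Mode blocks.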


In Alert Suppression and Filtering:

  • Alert Suppression and Filtering: WANSuppressList. Changed from default.


In Arguments here will be automatically inserted into the Suricata configuration:

  • Advanced Configuration Pass-Through: <blank>.


Set Categories for the WAN Interface to Monitor

Click on WAN Categories.

In Select the rulesets (Categories) Suricata will load at startup:

  • Within each ruleset, tick the checkbox next to each category you want to enable.
  • Ruleset: ET Open Rules:
    • emerging-attack_response.rules
    • emerging-botcc.portgrouped.rules
    • emerging-botcc.rules
    • emerging-ciarmy.rules
    • emerging-coinminer.rules
    • emerging-compromised.rules
    • emerging-current_events.rules
    • emerging-dos.rules
    • emerging-dshield.rules
    • emerging-exploit.rules
    • emerging-malware.rules
    • emerging-mobile_malware.rules
    • emerging-phishing.rules
    • emerging-scan.rules
    • emerging-worm.rules
  • Ruleset: Snort Text Rules:
    • snort_attack-responses.rules
    • snort_backdoor.rules
    • snort_bad-traffic.rules
    • snort_blacklist.rules
    • snort_botnet-cnc.rules
    • snort_ddos.rules
    • snort_dos.rules
    • snort_exploit-kit.rules
    • snort_exploit.rules
    • snort_malware-backdoor.rules
    • snort_malware-cnc.rules
    • snort_malware-other.rules
    • snort_malware-tools.rules
    • snort_phishing-spam.rules
    • snort_policy-spam.rules
    • snort_scan.rules
    • snort_specific-threats.rules
    • snort_spyware-put.rules
    • snort_virus.rules
    • snort_web-attacks.rules

NOTE: Do not select all categories; doing so produces too many false positives and takes a lot of time to tune.


Start Suricata on WAN

Navigate to Services → Suricata → Interfaces.

Click the start button.


Return to Install Suricata or continue to Have Suricata Monitor the LAN Interface.


pfsense/suricata/install_suricata/have_suricata_monitor_the_wan_interface.txt · Last modified: 2021/01/22 13:54 by peter
