pfSense - Suricata - Pass Lists
IMPORTANT: Passlists should NOT be used.
Realistically, about the only time you should need a Passlist is if you are running a honeypot host and you actually want bad stuff to find its way to that host.
In that situation, a passlist makes sense.
In almost any other case, it does not.
Use custom PASS rules instead if you really need passlist functionality.
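A custom PASS rule scoped to one host and one service, as an added example that is not from the original page. The address 192.0.2.10, the protocols and port, the messages and the SIDs are constructed placeholders; SIDs in the 1000000-1999999 range are the ones conventionally reserved for local rules.

```suricata
# Constructed example: a monitoring host at 192.0.2.10 (documentation address)
# that is allowed to ping protected hosts and poll them over HTTPS.

# Pass only ICMP from the monitoring host to the protected networks.
pass icmp 192.0.2.10 any -> $HOME_NET any (msg:"LOCAL pass ICMP from monitoring host"; sid:1000001; rev:1;)

# Pass only TCP/443 from the monitoring host to the protected networks.
pass tcp 192.0.2.10 any -> $HOME_NET 443 (msg:"LOCAL pass HTTPS checks from monitoring host"; sid:1000002; rev:1;)
```

Each rule exempts only the protocol and destination port it names; other traffic from the same address is still evaluated against the loaded rules.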
Set up a Passlist
Set up an Alias for Custom IP Addresses
Navigate to Firewall → Alias → IP
- Click Add
- Change the Name as required.
- Enter the Description.
- Add in Hosts as needed.
Set up the Passlist
Navigate to Services → Suricata → Pass Lists.
- Click Add
- Change the Name as required.
- Enter the Description.
- Ensure that all items under the Auto-Generated IP Addresses are ticked.
- Select an existing Alias within the Assigned Alias.
Enable use of this Passlist
Navigate to Services → Suricata → Interfaces.
- Against the Interface to apply this Passlist to, such as WAN, click on the Edit option under Actions.
- Within the “Networks Suricata Should Inspect and Protect” section, select the Passlist instead of the Default.
  - Home Net
  - External Net
Restart
Navigate to Services → Suricata → Interfaces.
- Against the Interface to apply this Passlist to, such as WAN, click on the Restart option under Suricata Status.
pfsense/suricata/pass_lists.txt · Last modified: 2020/07/15 09:30 by 127.0.0.1