====== PFSense - Suricata - Pass Lists ======

**IMPORTANT:** Passlists should **NOT** be used.

Realistically, about the only time that you should require a Passlist is if you are running a honeypot host and you actually want bad stuff to find its way to that host. In that situation, a Passlist makes sense. For almost any other case, it does not.

Use custom PASS rules instead if you really need Passlist functionality.

----

===== Setup a Passlist =====

==== Setup an Alias for Custom IP Addresses ====

Navigate to **Firewall -> Alias -> IP**.

  * Click **Add**.
  * Change the **Name** as required.
  * Enter the **Description**.
  * Add in Hosts as needed.

----

==== Setup the Passlist ====

Navigate to **Services -> Suricata -> Pass Lists**.

  * Click **Add**.
  * Change the **Name** as required.
  * Enter the **Description**.
  * Ensure that all items under the **Auto-Generated IP Addresses** are ticked.
  * Select an existing Alias within the **Assigned Alias**.

----

==== Enable use of this Passlist ====

Navigate to **Services -> Suricata -> Interfaces**.

  * Against the Interface to apply this Passlist to, such as WAN, click on the **Edit** option under **Actions**.
  * Within the "Networks Suricata Should Inspect and Protect" section, select the Passlist instead of the Default for:
    * Home Net
    * External Net

----

==== Restart ====

Navigate to **Services -> Suricata -> Interfaces**.

  * Against the Interface to apply this Passlist to, such as WAN, click on the **Restart** option under **Suricata Status**.

----

====== References ======

https://www.cnblogs.com/lsgxeva/p/11392627.html
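
====== Example: Custom PASS Rules ======

The note at the top of this page recommends custom PASS rules over a Passlist. The rules below are an added example, not taken from the original page or from the pfSense/Suricata projects. They show a host-wide pass (left commented out) beside two narrowly scoped ones. All addresses, ports, messages and sids are constructed placeholders.

```suricata
# Constructed example. 192.0.2.0/24 and 198.51.100.0/24 are documentation
# ranges used as placeholders; substitute your own hosts.
# sids 1000000-1999999 are the range reserved for local rules.

# Too broad: passes every protocol and port, in both directions, for one
# host. Anything that host sends or receives then goes uninspected.
# pass ip 192.0.2.10 any <> any any (msg:"LOCAL pass all traffic for host"; sid:1000003; rev:1;)

# Scoped: pass only DNS queries from one internal resolver to one
# upstream server. All other traffic from 192.0.2.10 is still inspected.
pass udp 192.0.2.10 any -> 198.51.100.53 53 (msg:"LOCAL pass resolver to upstream DNS"; sid:1000001; rev:1;)

# Scoped: pass only client-to-server HTTPS probes from one monitoring
# host into HOME_NET. Other ports and other sources are still inspected.
pass tcp 192.0.2.20 any -> $HOME_NET 443 (msg:"LOCAL pass monitoring probe to HTTPS"; flow:to_server; sid:1000002; rev:1;)

# Suricata's default action-order is pass, drop, reject, alert, so a
# matching pass rule is applied before drop or alert rules for the same
# traffic. Keep the source, destination and port as specific as possible.
```

Each pass rule removes inspection for whatever it matches, so review these rules whenever the hosts they name change role or address.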