Table of Contents

PFSense - Suricata - Install Suricata - Have Suricata Monitor the LAN Interface

Copy the WAN settings to LAN

Navigate to Services → Suricata → Interfaces.

Against the previously configured WAN interface, select to make a copy:


Configure LAN

The settings will initially be the same as previously configured for the WAN.

Change these settings for the LAN:

NOTE: It is highly recommended to not enable blocking on the LAN at first.

This could result in internal devices being locked out until they were released.

Instead, recommendation to run without blocking for say a week or so, checking what alerts are raised against the LAN, and suppressing any false positives as needed.

Once happy with the changes, say after a week, then Check the Block Offenders.