PFSense - Suricata - Pass Lists
- Setup a Passlist
References

PFSense - Suricata - Pass Lists

IMPORTANT: Passlists should NOT be used.

Realistically, about the only time that you should require a Passlist is if you are running a honeypot host and you actually want bad stuff to find its way to that host.

In that situation, a passlist makes sense.

For about any other case, it does not.

Use custom PASS rules instead if you really need passlist functionality.

Setup a Passlist

Setup an Alias for Custom IP Addresses

Navigate to Firewall → Alias → IP

Click Add
Change the Name as required.
Enter the Description.
Add in Hosts as needed.

Setup the Passlist

Navigate to Services > Suricata > Pass Lists.

Click Add
Change the Name as required.
Enter the Description.
Ensure that all items under the Auto-Generated IP Addresses are ticked.
Select an existing Alias within the Assigned Alias.

Enable use of this Passlist

Navigate to Services → Suricata → Interfaces.

Against the Interface to apply this Passlist to, such as WAN, click on the Edit option under Actions.
Within the “Networks Suricata Should Inspect and Protect” section, select the Passlist instead of the Default.
- Home Net
- External net

Restart