PFSense - Suricata - Pass Lists
IMPORTANT: Passlists should not be used.
Realistically, about the only time you should need a Passlist is when you are running a honeypot host and you actually want bad stuff to find its way to that host.
In that situation, a passlist makes sense.
In just about any other case, it does not.
Use custom PASS rules instead if you really need passlist functionality.
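As an added illustration (not part of the original page), custom pass rules let the exemption be scoped to one source, protocol and destination instead of a whole address. The addresses, port, msg text and sid values below are constructed placeholders.

```suricata
# Constructed example values:
#   192.0.2.10    - stands in for a trusted monitoring host
#   198.51.100.25 - stands in for one internal server
#   sid 1000001+  - local sid range, chosen for illustration

# Exempt only the monitoring host's HTTPS checks against one server.
pass tcp 192.0.2.10 any -> 198.51.100.25 443 (msg:"LOCAL pass monitoring host HTTPS checks"; flow:to_server; sid:1000001; rev:1;)

# Exempt only ICMP echo requests from the same host into HOME_NET.
pass icmp 192.0.2.10 any -> $HOME_NET any (msg:"LOCAL pass monitoring host ping"; itype:8; sid:1000002; rev:1;)
```

Any other traffic from 192.0.2.10 is still evaluated against the rest of the ruleset.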
Set Up a Passlist
Set Up an Alias for Custom IP Addresses
Firewall > Alias > IP
Click Add
Change the Name as required.
Enter the Description.
Add in Hosts as needed.
Set Up the Passlist
Services > Suricata > Pass Lists
Click Add
Change the Name as required.
Enter the Description.
Ensure that all items under the Auto-Generated IP Addresses are ticked.
Select an existing Alias within the Assigned Alias.
Enable use of this Passlist
Services > Suricata > Interfaces >
Against the Interface to apply this Passlist to, such as WAN, click on the Edit option under Actions.
Within the “Networks Suricata Should Inspect and Protect” section, select the Passlist instead of the Default.
- Home Net
- External Net