Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login
    Introducing Netgate Nexus: Multi-Instance Management at Your Fingertips.

    Suricata default rules

    Scheduled Pinned Locked Moved IDS/IPS
    2 Posts 2 Posters 469 Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A Offline
      Antibiotic
      last edited by Antibiotic

      Hi,
      Can some1 to explain, in case if I have snort subscribes rules, can me to untick all Suricata default rules ( this rules duplicate each other?, is it better for security and false alerts? or this will reduce security and this both rules are not duplicate each other and work in combine? Using Suricata inline mode with a IPS Policy Mode - Policy.

      pfSense plus 26.03 on Topton mini PC
      CPU: Intel N100
      NIC: Intel i-226v 4 pcs
      RAM : 16 GB DDR5
      Disk: 128 GB NVMe
      Brgds, Archi

      SteveITSS 1 Reply Last reply Reply Quote 0
      • A Antibiotic referenced this topic on
      • SteveITSS Offline
        SteveITS Rebel Alliance @Antibiotic
        last edited by

        @Antibiotic I have not used the subscriber rules. I would only enable rules for the things you are protecting, for example web server rules. I do not think it would hurt to have overlapping rules, other than extra CPU time processing the packet twice.

        To upgrade, select your branch in System/Update/Update Settings. When upgrading, allow 10-15 minutes to reboot, or more depending on packages, CPU, and/or disk speed.
        Only install packages for your version of pfSense.
        Upvote 👍 helpful posts!

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2026 Rubicon Communications LLC (Netgate). All rights reserved.