Recommendations on Categories/pfblocker

joebobcooter

Are there any best practices or sources of info on which categories of rules to run on Snort for pfsense?

I know some are a function of what the network is doing, etc, but what are the risks/returns on, say, selecting all the categories?

Some of the risks I would surmise would be the following;
1. CPU utilization
2. Memory utilization

Second q - what do I gain/lose by also implementing pfblocker on the device as well?

pfsense is protecting mainly a personal network, which I plan on adding some small websites to.

Thanks in advance for any guidance.

marcelloc

Second q - what do I gain/lose by also implementing pfblocker on the device as well?

PfBlocker apply lists of know ads,vírus,spywares, countries you do not want to access or get visits. It reduces snort work on detecting things you do not want.

Metu69salemi

@marcelloc:

Second q - what do I gain/lose by also implementing pfblocker on the device as well?

PfBlocker apply lists of know ads,vírus,spywares, countries you do not want to access or get visits. It reduces snort work on detecting things you do not want.

Marcelloc: you shouldn't post anumore or you lose leet status

marcelloc

Thanks Metu69salemi, I did a screenshot today before start posting.  :D