This is my first post here. I really appreciate the YouTube videos Lawrence Tech provides. They are very informative.
I am running a Netgate pfSense SG-2440 at home. I mostly use pfBlockerNG/DNSBL to block ads, trackers, and other garbage. I used to forward quite a few camera ports, but have wised up and only open port 443 TCP for OpenVPN.
I have watched the Suricata video and was wondering if it makes sense to use it at home. The WAN alert log shows lots of alerts for activity that I believe is already blocked by my firewall rules. Here is a screenshot showing some alerts on my WAN interface. Can I be sure these have been blocked by the firewall if the associated Src Ports are not open?
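One way to answer the "were these actually blocked?" question for a batch of WAN alerts, as an added example that is not code from the post, pfSense, Suricata or Lawrence Systems: read the sensor's eve.json alert records and sort each one by whether it targeted a port the firewall actually forwards. It assumes the sensor runs in legacy (IDS, not inline) mode, so it records packets that pf drops afterwards and an alert by itself does not mean the packet reached anything; it also assumes the only inbound opening is TCP/443 as stated in the post. The WAN address, the signature names and the eve.json lines are constructed for the example.

```python
"""Triage Suricata WAN alerts against the firewall's inbound allow-list.

Added illustration for the question above; not pfSense, Suricata or
Lawrence Systems code. Assumptions (chosen for the example):
  * the sensor runs in legacy/IDS mode, so it sees packets before pf
    applies the WAN rules, and an alert does not imply the packet got in;
  * the only inbound opening on WAN is TCP/443 (as stated in the post);
  * WAN_ADDR is a constructed placeholder, not a real address.
"""
import json
from collections import Counter

WAN_ADDR = "198.51.100.5"          # constructed placeholder (TEST-NET-2 range)
OPEN_INBOUND = {("TCP", 443)}      # from the post: only 443/TCP is forwarded

# Constructed eve.json records, one JSON object per line; signature names
# and IDs are invented (9000000+ is the local-rule range), not real ET rules.
SAMPLE_EVE = """\
{"timestamp":"2024-01-01T10:00:01.000000+0000","event_type":"alert","src_ip":"203.0.113.10","src_port":51000,"dest_ip":"198.51.100.5","dest_port":23,"proto":"TCP","alert":{"signature":"CONSTRUCTED inbound telnet probe","signature_id":9000001,"action":"allowed"}}
{"timestamp":"2024-01-01T10:00:02.000000+0000","event_type":"alert","src_ip":"203.0.113.11","src_port":44000,"dest_ip":"198.51.100.5","dest_port":443,"proto":"TCP","alert":{"signature":"CONSTRUCTED inbound TLS scanner","signature_id":9000002,"action":"allowed"}}
{"timestamp":"2024-01-01T10:00:03.000000+0000","event_type":"alert","src_ip":"203.0.113.12","src_port":5060,"dest_ip":"198.51.100.5","dest_port":5060,"proto":"UDP","alert":{"signature":"CONSTRUCTED inbound SIP probe","signature_id":9000003,"action":"allowed"}}
{"timestamp":"2024-01-01T10:00:04.000000+0000","event_type":"alert","src_ip":"203.0.113.13","dest_ip":"198.51.100.5","proto":"ICMP","alert":{"signature":"CONSTRUCTED inbound ICMP sweep","signature_id":9000004,"action":"allowed"}}
{"timestamp":"2024-01-01T10:00:05.000000+0000","event_type":"alert","src_ip":"198.51.100.5","src_port":60001,"dest_ip":"203.0.113.77","dest_port":80,"proto":"TCP","alert":{"signature":"CONSTRUCTED outbound policy hit","signature_id":9000005,"action":"allowed"}}
{"timestamp":"2024-01-01T10:00:06.000000+0000","event_type":"flow","src_ip":"203.0.113.10","src_port":51000,"dest_ip":"198.51.100.5","dest_port":23,"proto":"TCP"}
this line is not JSON and is skipped
"""


def parse_alerts(eve_text):
    """Yield only event_type == "alert" records; skip blank, malformed and non-alert lines."""
    for line in eve_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if rec.get("event_type") == "alert":
            yield rec


def triage(rec, wan_addr=WAN_ADDR, open_inbound=OPEN_INBOUND):
    """Classify one alert record relative to the WAN default-deny policy.

    Returns one of:
      "inbound-closed"  inbound to a port with no forward: pf's default deny drops it
      "inbound-open"    inbound to a forwarded port: a listening service saw it, review
      "outbound"        our WAN address initiated it: something inside is talking out
      "transit"         neither endpoint is the WAN address
    ICMP records carry no ports, so they fall under "inbound-closed" unless
    an ICMP entry is added to open_inbound.
    """
    proto = str(rec.get("proto", "")).upper()
    if rec.get("dest_ip") == wan_addr:
        key = (proto, rec.get("dest_port"))
        return "inbound-open" if key in open_inbound else "inbound-closed"
    if rec.get("src_ip") == wan_addr:
        return "outbound"
    return "transit"


def summarize(eve_text, **kw):
    """Count alerts per triage class."""
    counts = Counter()
    for rec in parse_alerts(eve_text):
        counts[triage(rec, **kw)] += 1
    return counts


def needs_review(eve_text, **kw):
    """Alerts the default-deny policy does not explain away: the ones worth reading."""
    return [rec for rec in parse_alerts(eve_text) if triage(rec, **kw) != "inbound-closed"]


if __name__ == "__main__":
    for cls, n in sorted(summarize(SAMPLE_EVE).items()):
        print(f"{cls:15s} {n}")
    for rec in needs_review(SAMPLE_EVE):
        print(rec["src_ip"], "->", rec["dest_ip"], rec.get("dest_port"), rec["alert"]["signature"])
```

The point of the split is that on a WAN with no forwards, nearly every inbound alert lands in "inbound-closed" and is just scanner noise that pf was going to drop anyway; the short remainder (hits on the one forwarded port, and anything your own address originated) is what deserves time. To confirm a specific alert was really dropped rather than inferring it from the rule set, match the source address and time against the firewall log, which records the actual block decision.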
I don’t bother running it at home as there are too many false positives that I don’t have the time to troubleshoot. Even at our office we don’t run it on all the networks, just the ones where we have our systems and servers.
I am currently running Snort at home using the lowest level of predefined settings which is supposed to minimize false positives. It's not blocking anything yet, I don't see too much there in the way of alerts however.
Truth be told, I'm not sure how much utility it really has since most traffic is HTTPS anyway and Snort/Suricata can't see into that traffic.