Suricata Pfsense tuning

New to learning and tuning Suricata. I am self-hosting a unifi controller, and sometimes I have to go to the Snort2C Tables under diagnostics and delete a client’s IP address being blocked. Do I need to add the client’s IP to the IP Pass List (Default) under Suricata, Interfaces, Lan Settings?

I cover Snort in this video, but the same applies to Suircata and the interfaces are mostly the same. False positives are part of running the system and removing any rules that keep triggering.

1 Like