>Maybe is suricata better? What are the difference? I've never tried suricata so I cant say if its better, but snort works pretty well. There is one problem with snort, however. It can watch incoming traffic as well as outgoing traffic.
But when snort watches outgoing traffic, it flags and blocks almost everything. That's too much trouble for me, so I have snort setup to only watch incoming traffic. Even then, you will have to watch the alert and blocked lists to make sure it doesn't block sites you need. That doesn't happen too often, though. When it does happen, you just click to add those rules to the suppress list and remove the ip addresses from the blocked list. _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
