pfSense » pfSense Packages

Whenever suricata is re-installed, or updated (i.e. after it was previously installed and configured), it re-enables all the "Ruleset: Default Rules" rulesets/categories in all interfaces, even though it retains all the other rulesets/categories enable/disable settings.

This is a significant issue, particularly on updates, because as those rules seem to be mostly informational, when they get re-enabled especially on an interface that has blocking turned on, it causes problems, and I'm guessing that many users don't know or remember to go in and turn them back off after a pfSense/suricata update. An update (or re-install) should not change existing settings/configuration without a warning/explanation notification/popup).