IPS Rulesets suggestions

What IPS Rulesets are you guys using?

I am still new to IPFire and I have read the Wiki.

So I have been using ET Community Ruleset; I also tried Talos Free.

I want to install IPFire for a small office (medical office) and want to keep it as simple as possible because everyone working there is over 60 years old. They haven’t had a Firewall or IPS in 40 years, just a consumer router.
They are ready to retire but right now they still need to get IPS to comply with something called HIPAA.

I will propose IPFire Firewall, but not sure what Ruleset to propose.

I am having difficulty even to find out exact pricing.
ET Pro was bought by Proofpoint and seems to be around 900-1000 per year, I am not sure if I could justify the cost.

Talos VRT was bought by Cisco and is 30/year for home use and 400 for commercial.

I was not able to figure out the difference between ET Pro for 1000 and Talos VRT for 400.

I also can't figure out the difference between ET Community, Talos Community and Talos Free for Registered Users.

Interesting observation about RAM usage:
ET Community: 350-480MB
Talos VRT Registered Free: 50-60MB only

I appreciate any comments and suggestions.

Hi,

What IPS Rulesets are you guys using?

personally, I am happy with the ET Community Ruleset as it requires no registration anywhere and the rules are good enough for a larger SOHO setup with some modifications (enabled some scanner rules disabled by default, and disabled some others generating FPs in my setup).

I guess it might be reasonable to start with a free IPS ruleset, and see how things go from there. In case traffic is limited by a strict firewall policy anyway (please refer to this article for further information), attack surface is already pretty limited - most relevant threat would be attacks against web browsers, or similar.

While I run some IPS setups in professional environments, I rarely came across the need to buy IPS rulesets - in most cases, free ones were fine, but your mileage might vary. :slight_smile:

Thanks, and best regards,
Peter Müller

P.S.: Indeed, the pricing model of Proofpoint is difficult to understand - good luck searching further. :wink:

Thank you Peter, I will work on your suggestions and report back.
Just one more thing:
What is "others generating FPs in my setup"?

EDIT: Never mind, FPs = False Positives :innocent: