I was starting to try out the IPS on IPFire.
The wiki provides some good info and several useful links for this, and one let me to “What Every IDS User Should Do”.
Among other things it made the apparently pretty good recommended to configure all “Unused Ports”.
As IPFire knows all forwarded ports, this makes me ask if IPFire already configures suricata with the proper unused ports derived from that.
Does IPFire already run suricata with such “every IDS user” improvements to the default configuration?