There are literally thousdands of rules in some of these rulesets. One of the easiet ways I’ve for to setup IPfire is to start at the bottom and click “show” for every category on the page as I go up. Then when I reach the top I can use my browser’s “Find on page” function to search the rules by keyword. In some cases rules pertaining to a specific application can be listed under different categories. This helps to go through and quickly evaluate all of them preemptively. Later I can go to the IPS logs and see what I missed. Then i get direction on which category it is under, but I usually still need the “FInd on this page” function to locate it, because rules aren’t sorted well under categories.
Recently, an ET update enabled about a dozen rules for applications and services we use (Potential corporate policy violation) and I had to disable some rules based on the IPS logs and then go through and search for some others. The “Show All” to expand all, would have been nice and seems like an easy add.
Thanks