Hello list followers,

after some reports on our community portal about a flooded IDS log
in case the tor addon is installed and activated, I tried to solve this
issue.
(https://community.ipfire.org/t/tor-and-ips-conflict-suricata-rulset-where-does-it-come-from/)

The desired solution would be to load additional suricata rules to
silence the noisy rules when tor is used. This worked pretty well so I
extended the code to be more general and such rules for any kind of
service can be written and loaded.

I collected all the changes on my personal git repository:

https://git.ipfire.org/?p=people/stevee/ipfire-2.x.git;a=shortlog;h=refs/heads/suricata-services

For an easy testing I created a test tarball, which can
be found here:

https://people.ipfire.org/~stevee/ids-services/

As usual a README file gives deeper information and guides through
the installation process.

Please share your opinions about this approach and in case you are
testing please provide your feedback here.

A big thanks in advance,

-Stefan