suricata: Process default rules first

This patch moves the default rules to the top. This file also lists the
whitelist which should always be processed first to function.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index 6fbc7b3ee1bacbf2ab17815230205d1db0f3a551..173e2e1d061eb093c948753ea36f8bf34205f263 100644 (file)
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -46,12 +46,12 @@ vars:
 ##
 default-rule-path: /var/lib/suricata
 rule-files:
-    # Include enabled ruleset files from external file.
-    include: /var/ipfire/suricata/suricata-used-providers.yaml
-
     # Include default rules.
     include: /var/ipfire/suricata/suricata-default-rules.yaml
 
+    # Include enabled ruleset files from external file.
+    include: /var/ipfire/suricata/suricata-used-providers.yaml
+
 classification-file: /usr/share/suricata/classification.config
 reference-config-file: /usr/share/suricata/reference.config
 threshold-file: /usr/share/suricata/threshold.config