I don't want to discount Bill's efforts on this thread. It is absolutely the best place to start.
That said, I've recently introduced pfSense and the Snort package to a few friends who are long time, big time, professional security hawks looking for a solution at home a bit more elegant than running generations old (but affordable) dedicated firewall hardware. I believe the best "find" I have come across and directed my friends to is the "fine tuning" post started by user "jflsakfja" as this thread:https://forum.pfsense.org/index.php/topic,64674.0.html
This user requested the ability some time ago at the start of that thread to be able to edit his post in this sticky rather than having to continuously add to an existing thread. I, for one, would like this be reconsidered by the mods as the above thread is slowly being buried as time passes. I can only surmise the lack of updates as anticipated by "jflsakfja" could be because of a lack of response (evidenced by lack of edits here as of this date) to that request. Or perhaps because I've pushed him/her for more information...? If not at least maybe this post can serve as a jump point for folks looking for or could benefit from that information.
I'd like to see his/her updates continue as the schema introduced by this user may not be the absolute best way of setting up Snort and pfBlocker but its the best I've come across and certainly has made my system more efficient and less troublesome. Judging by recent posts in the Packages area, it seems many others could benefit from this schema as well.... if they knew about it.