Filtering output so monit does not spam my email with false positives

If you are running the Suricata instance on the WAN interface, then you can only silence unwanted alerts by suppressing them or by disabling the particular rule SID that is alerting. When operating on the WAN, Suricata sees traffic directly from the NIC before any firewall rules have been applied. Thus you can’t use firewall rules to control what Suricata sees in that case.

Generally speaking, on firewall systems such as OPNsense and pfSense, it is better to put IDS/IPS instances on the LAN and/or other internal-facing interfaces. That way you can use the firewall rules to filter out and drop the vast majority of Internet “noise” that hits the WAN interface, leaving the IDS/IPS only needing to spend resources processing traffic which made it past the firewall rules. Otherwise the IDS/IPS is expending precious computational resources to analyze traffic that is simply going to be dropped by the typical “default deny” configuration of the WAN firewall rules for inbound traffic.

I will also note that Suricata questions related to both OPNsense and pfSense should first be posted on the specific help forums for those firewall distros. That’s because both distros use a custom GUI front-end for managing the Suricata configuration. Here are links to each forum:

OPNsense: https://forum.opnsense.org/
pfSense: https://forum.netgate.com/category/53/ids-ips
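The two silencing options the reply describes (suppress, or disable the SID), written out in Suricata's own file formats as an added example that is not part of the original post nor code from Suricata, OPNsense or pfSense. It assumes upstream Suricata's threshold.config `suppress` syntax and suricata-update's disable.conf rather than the distros' GUI wrappers; the eve.json records, SIDs and addresses are constructed sample data.

```python
"""Summarise Suricata eve.json alerts by rule SID and emit the two silencing
options the post describes: a threshold.config 'suppress' line scoped to the
noisy source, or a suricata-update disable.conf entry for the SID itself.
Added example, not code from the post or from Suricata/OPNsense/pfSense;
SIDs, addresses and signature names below are constructed sample data."""
import json
from collections import Counter

# Constructed eve.json records (one JSON object per line, as Suricata writes them).
SAMPLE_EVE = """\
{"event_type":"alert","src_ip":"198.51.100.7","dest_ip":"192.0.2.10","alert":{"gid":1,"signature_id":9000001,"signature":"CONSTRUCTED scanner probe"}}
{"event_type":"alert","src_ip":"198.51.100.7","dest_ip":"192.0.2.10","alert":{"gid":1,"signature_id":9000001,"signature":"CONSTRUCTED scanner probe"}}
{"event_type":"alert","src_ip":"198.51.100.7","dest_ip":"192.0.2.10","alert":{"gid":1,"signature_id":9000001,"signature":"CONSTRUCTED scanner probe"}}
{"event_type":"flow","src_ip":"203.0.113.5","dest_ip":"192.0.2.10"}
{"event_type":"alert","src_ip":"203.0.113.5","dest_ip":"192.0.2.10","alert":{"gid":1,"signature_id":9000002,"signature":"CONSTRUCTED policy hit"}}
"""

def count_alerts(eve_text):
    """Count alert events keyed by (gid, sid, src_ip); non-alert events are skipped."""
    counts = Counter()
    for line in eve_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("event_type") != "alert":
            continue  # flow/dns/http records carry nothing to silence
        a = rec["alert"]
        counts[(a["gid"], a["signature_id"], rec["src_ip"])] += 1
    return counts

def suppress_lines(counts, min_hits):
    """threshold.config 'suppress' entries for sources that hit a SID at least
    min_hits times; the rule stays active for every other source."""
    return [
        f"suppress gen_id {gid}, sig_id {sid}, track by_src, ip {ip}"
        for (gid, sid, ip), n in sorted(counts.items())
        if n >= min_hits
    ]

def disable_lines(sids):
    """suricata-update disable.conf entries: one bare SID per line, which turns
    the rule off entirely rather than for a single source."""
    return [str(sid) for sid in sorted(set(sids))]

if __name__ == "__main__":
    c = count_alerts(SAMPLE_EVE)
    print("\n".join(suppress_lines(c, min_hits=3)))
    print("\n".join(disable_lines(sid for _, sid, _ in c)))
```

Suppression is the narrower fix: the rule still fires for every other source, whereas a disable.conf entry turns the SID off for all traffic.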