Is there a way to tune response based on severity of infraction?

I’m still learning about Suricata 5.0.2 running on pfSense 2.4.5. I’m still trying to get it to actually block reasonably. Stuff is appearing on the Blocks tab and I have “Block On DROP Only” set, but I never get any actual DROPs, despite having Alerts and Blocks which should be blocked. I have both my LAN and WAN interfaces enabled and in legacy mode. There are no rules being added to the firewall to actually cause those blocks to do anything. Anyone know what I’m missing to enable blocking?

Is there some way to get finer control on the lifetime of blocks?
I’m looking for a way to long-term block clearly malicious attack attempts. Blocking a scanner that goes too far for a few hours is fine, but only blocking an active attacker attempting to use exploits for a few hours isn’t reasonable. That means an attacker can retry many times a day. I’m looking for expiry in the months to never on serious attacks.

That is a pfSense-specific implementation of IPS mode. So this question would be better placed on the pfSense forum.

I ended up figuring out the answer to the 1st paragraph myself. Can someone answer the 2nd paragraph, which isn’t pfSense-specific?

Since the blocking mechanism is specific to pfSense as well, the same answer applies.

In general, not pfSense, you would have rules that trigger (and thus block) all the time or have a specific threshold.