diff --git a/services/suricata.nix b/services/suricata.nix
index 4b6fa5f..34dcfd7 100644
--- a/services/suricata.nix
+++ b/services/suricata.nix
@@ -5,11 +5,12 @@
 services.suricata = {
 enable = true;
- # Default disabledRules covers DNP3 (2270000-2270004); add Modbus rules
- # which also fail to parse because those protocols are disabled in the build
+ # DNP3 and Modbus are industrial SCADA protocols disabled in this build.
+ # Use regex patterns to suppress all rules for both protocols so the
+ # config test does not fail with parse errors.
 disabledRules = [
- "2270000" "2270001" "2270002" "2270003" "2270004"
- "2250005" "2250006" "2250007" "2250008" "2250009"
+ "re:modbus"
+ "re:dnp3"
 ];
 settings = {
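Review bot: The new `"re:modbus"` and `"re:dnp3"` entries in `disabledRules` are much broader than the ten explicit SIDs they replace. If these strings are passed to suricata-update as disable matchers (the usual path for this option, not visible here), a `re:` pattern is searched against the whole rule text. Any rule that merely mentions either word, for example in its `msg` or a reference, would then be switched off, including plain TCP/UDP rules that parse fine in this build. That loss of detection coverage is silent and can grow with every ruleset update. Consider narrowing each pattern to the part of the rule that triggers the parse error (the protocol field of the rule header or the app-layer keyword), and add a comment such as `# re: matches anywhere in the rule text; review the disabled-rule count after each ruleset update`. The `services.suricata` attribute set continues outside this hunk.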