See the FireHOL blocklist documentation for choosing the right lists to enable.
I just use a basic set: Blocklist de, Dshield, Feodo, Spamhaus drop, Spamhaus edrop, Iblocklist abuse palevo, Sslbl, Zeus badips.
As regards Suricata, see the documentation to learn about the different rule categories.
I block the following IPS rule categories; the others are set to alert:
BlockCategories=ET-botcc.portgrouped,ET-botcc,ET-ciarmy,ET-compromised,ET-drop,ET-dshield,ET-emerging-activex,ET-emerging-attack_response,ET-emerging-exploit,ET-emerging-malware,ET-emerging-netbios
To output your blocked categories, just enter
config show suricata
in a terminal.