Firewall plugs into a dpn device. Which intrusion detection lists should I run?

[grimelog]

I just picked up a Deeper Network Mini for creating a node in a decentralized VPN service. I don't fully trust the device to not have anything malicious on it. I think I should probably be running some intrusion detection with it being on the network.

I'm not sure which lists to turn on. I just know turning everyone on is not recommended. Which ones should I be running? Are there any other steps I can take to protect myself in case this device has malicious code on it?

Ideally, I'd completely silo it off with a second internet connection, but that's not an option with my building.