<HTML><HEAD></HEAD>
<BODY dir=ltr>
<DIV dir=ltr>
<DIV style="FONT-SIZE: 10pt; FONT-FAMILY: 'Arial'; COLOR: #000000">
<DIV>Dear Sir,</DIV>
<DIV> </DIV>
<DIV>Thank you for the answer, let me show you my rules for whitelist IP:</DIV>
<DIV> </DIV>
<DIV>whitelistip.rules</DIV>
<DIV>- pass ip [192.0.64.0/18,103.6.182.0/23, ...72.9.144.0/20] any <>
$HOME_NET any (msg:"Whitelist IP group 1"; sid:1101; rev:1;)</DIV>
<DIV> </DIV>
<DIV>whielistgeoip.rules</DIV>
<DIV>- pass ip any any -> any any (geoip:src,SG; sid:555555555; rev:1;)</DIV>
<DIV> </DIV>
<DIV>And i have another rules for MySQL attack and i set as DROP</DIV>
<DIV> </DIV>
<DIV>Why i make those 2 whitelist is because one is group of multiple ip of
multiple countries and another one is base of GEOIP</DIV>
<DIV> </DIV>
<DIV>For example 1.1.1.1 is IP belong to Singapore, on first rules i did put the
IP on the list, and of course on 2nd rules of GEOIP also have that IP.</DIV>
<DIV> </DIV>
<DIV>So my problem why i still found the IP 1.1.1.1 on the list of DROP or wDROP
from my fast.log, suppose the IP is a whitelist ealier by 2 rules. Seem sometime
whitelist is not working very well, i also do some test from my pc and and
trying to attack MYSQL, yes seem the whitelist is work and i didnt see my pc ip
on fast.log</DIV>
<DIV> </DIV>
<DIV>Any idea what i’m wrong here ? Please advice. and thank you so much</DIV>
<DIV> </DIV>
<DIV> </DIV></DIV></DIV></BODY></HTML>