[Oisf-users] Whitelist By Country
Chris Boley
ilgtech75 at gmail.com
Mon Jul 10 19:49:47 UTC 2017
This isn't really suricata specific, but more an IPTABLES based thought. If
you were running as an IPS inline, you could utilize IPTABLES for "-j
ACCEPT" certain country blocks though before sending the remainder to
NFQUEUE for inspection.
Here's a bit about the iptables part.
https://www.cyberciti.biz/faq/block-entier-country-using-iptables/
Of course if not utilizing nfqueue, this would be moot.
CB
On Mon, Jul 10, 2017 at 2:09 PM Mesra.net CEO <admin at mesra.my> wrote:
> Dear All,
>
> How can i whitelist by countries on Suricata, let say i have few rules
> with DROP, i need suricata will ignore or bypass the IP let say from
> Singapore, so how can i use something like geoip module on Suricata?
>
> Please advice. TQ
>
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20170710/9759aa37/attachment-0002.html>
More information about the Oisf-users
mailing list