[Oisf-users] Whitelist By Country

Chris Boley ilgtech75 at gmail.com
Mon Jul 10 19:49:47 UTC 2017

This isn't really suricata specific, but more an IPTABLES based thought. If
you were running as an IPS inline, you could utilize IPTABLES for "-j
ACCEPT" certain country blocks though before sending the remainder to
NFQUEUE for inspection.

Here's a bit about the iptables part.

Of course if not utilizing nfqueue, this would be moot.

On Mon, Jul 10, 2017 at 2:09 PM Mesra.net CEO <admin at mesra.my> wrote:

> Dear All,
> How can i whitelist by countries on Suricata, let say i have few rules
> with DROP, i need suricata will ignore or bypass the IP let say from
> Singapore, so how can i use something like geoip module on Suricata?
> Please advice. TQ
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20170710/9759aa37/attachment-0002.html>

More information about the Oisf-users mailing list