[Oisf-users] Whitelist By Country
Cooper F. Nelson
cnelson at ucsd.edu
Mon Jul 10 19:56:10 UTC 2017
If you want to whitelist *all* traffic from a country, you could use
pass rules like this:
> pass ip any any -> any any (geoip:SG; sid:55555555; rev:1;)
If you want to just disable single rules, you could add 'geoip:!SG' to
each rule.
-Coop
On 7/10/2017 11:09 AM, Mesra.net CEO wrote:
> Dear All,
>
> How can i whitelist by countries on Suricata, let say i have few rules
> with DROP, i need suricata will ignore or bypass the IP let say from
> Singapore, so how can i use something like geoip module on Suricata?
>
> Please advice. TQ
>
>
>
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
--
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20170710/1d2ed942/attachment-0002.sig>
More information about the Oisf-users
mailing list