[Oisf-users] Whitelist By Country

Cooper F. Nelson cnelson at ucsd.edu
Mon Jul 10 19:56:10 UTC 2017

If you want to whitelist *all* traffic from a country, you could use
pass rules like this:

> pass ip any any -> any any (geoip:SG; sid:55555555; rev:1;)

If you want to just disable single rules, you could add 'geoip:!SG' to
each rule.


On 7/10/2017 11:09 AM, Mesra.net CEO wrote:
> Dear All,
> How can i whitelist by countries on Suricata, let say i have few rules
> with DROP, i need suricata will ignore or bypass the IP let say from
> Singapore, so how can i use something like geoip module on Suricata?
> Please advice. TQ
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users

Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20170710/1d2ed942/attachment-0002.sig>

More information about the Oisf-users mailing list