GeoIP Not Working?

Started by spetrillo, April 13, 2022, 12:16:34 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
April 13, 2022, 12:16:34 AM
Hello all,

I have GeoIP setup and active with Maxmind. I have setup a number of countries that I should just drop. I have Suricata active also, in IDS mode, and I am seeing a number of hits from countries that are in my GeoIP list. Why am I seeing these, as I thought GeoIP would just drop the traffic if its part of the countries I have in my list.

Thanks,
Steve
April 19, 2022, 02:32:17 PM #1
QuoteI have setup a number of countries that I should just drop
This means you've created an alias with selected countries?
Then you can add firewallrule(s) using that/those alias(es) to block traffick.
April 19, 2022, 02:56:18 PM #2
Ok that makes sense...then what is the need for GeoIP?
Print
Go Up Pages1
User actions