Added by Victor Julien over 13 years ago. Updated about 13 years ago.
Description
Often requested: add geoip support. A keyword would be nice:
geoip:US;
Or something similar.
Would the MaxMind GeoLite Country DB be OK for this?
They seem to have good accuracy and performance, and the c libraries are widely available for windows and included in most of the current Linux distributions.
Yeah that seems to be a sane choice. Performance is probably ok if combined with other rule keywords.
Merged https://github.com/inliniac/suricata/pull/247, thanks a lot!