diff --git a/Security_Containers/crowdsec/postoverflows/s01-whitelist/geoip-allow.yaml b/Security_Containers/crowdsec/postoverflows/s01-whitelist/geoip-allow.yaml
new file mode 100644
index 0000000..e5b0cf8
--- /dev/null
+++ b/Security_Containers/crowdsec/postoverflows/s01-whitelist/geoip-allow.yaml
@@ -0,0 +1,7 @@
+name: crowdsecurity/geoip-allow-us-de
+description: "Block all countries except US and Germany"
+filter: "evt.Enriched.IsoCode != 'US' && evt.Enriched.IsoCode != 'DE'"
+blackhole: 1m
+labels:
+ type: geo_block
+remediation: true
\ No newline at end of file
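Review bot: As placed under `postoverflows/s01-whitelist/`, this file has no `whitelist:` block and instead carries scenario-style keys (`blackhole`, `labels`, and a top-level `remediation`), so it most likely will not load as a postoverflow, and a postoverflow can only discard or enrich alerts rather than create the block the description promises. If a geo block is what is wanted, it probably belongs in a scenario (`type: trigger`) with `remediation: true` nested under `labels:`; at the top level, as written here, I would not expect it to be read. Separately, the filter is also true when `evt.Enriched.IsoCode` is empty, so events with no GeoIP result (private ranges, failed lookup, or enrichment not present at this stage) are treated as foreign; choose fail-open or fail-closed explicitly, e.g. `filter: "evt.Enriched.IsoCode != '' && evt.Enriched.IsoCode not in ['US', 'DE']"`. The name (`geoip-allow-us-de`), the whitelist directory and the description ("Block ...") should agree on which behaviour this is, and the `crowdsecurity/` prefix is better kept for hub-provided items so a local rule is not mistaken for an upstream one.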