From a8080c86a41e4cb1231cd115421b6b532a37ebef Mon Sep 17 00:00:00 2001
From: Gabe <gabe@gabesville.com>
Date: Fri, 15 May 2026 02:50:14 +0000
Subject: [PATCH] Add
 Security_Containers/crowdsec/postoverflows/s01-whitelist/geoip-allow.yaml

---
 .../crowdsec/postoverflows/s01-whitelist/geoip-allow.yaml  | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 Security_Containers/crowdsec/postoverflows/s01-whitelist/geoip-allow.yaml

diff --git a/Security_Containers/crowdsec/postoverflows/s01-whitelist/geoip-allow.yaml b/Security_Containers/crowdsec/postoverflows/s01-whitelist/geoip-allow.yaml
new file mode 100644
index 0000000..e5b0cf8
--- /dev/null
+++ b/Security_Containers/crowdsec/postoverflows/s01-whitelist/geoip-allow.yaml
@@ -0,0 +1,7 @@
+name: crowdsecurity/geoip-allow-us-de
+description: "Block all countries except US and Germany"
+filter: "evt.Enriched.IsoCode != 'US' && evt.Enriched.IsoCode != 'DE'"
+blackhole: 1m
+labels:
+  type: geo_block
+remediation: true
\ No newline at end of file