Firewall

How to block countries accessing server using csf?

Arunlal A6 Comments
Post Views: 9,210

Is it possible to block countries from server using CSF?

Yeah, It is very easy to block countries on your server by using an csf (Config server firewall). There is an option in the csf to block IP range from different countries.

Config Server Firewall is abbreviated as CSF. CSf is the most commonly using firewall application to secure Linux servers. CSF has wide range of options to manage Linux firewall via comman-line and from the control panel.

CSF helps to configure server firewall easily and simply.

csf-block

How to block countries in csf?

In the csf configuration file (/etc/csf/csf.conf), there is an option to block/allow access from an IP range by using country code. Here I’m going to explain how to allow or deny IP range using this feature.

For allowing a country to your server you can use the directive ‘CC_ALLOW‘ from the csf configuration file.

CC_ALLOW = ""

Similerly you can deny by using the directive ‘CC_DENY

CC_DENY = ""

Each option is a comma separated list of CC’s, e.g. “US,GB,DE”

You need to restart the csf service to get the changes to be worked. Run the following command for restarting the csf service.

csf -r

Refer this link for Other useful csf command

Country codes:

AF,AL,DZ,AS,AD,AO,AI,AQ,AG,AR,AM,AW,AU,AT,AZ,BS,BH,BD,BB,BY,BE,BZ,BJ,BM,BT,BO,BA,BW,BV,BR,IO,BN,BG,BF,BI,KH,CM,CA,CV,KY,CF,TD,CL,CN,CX,CC,CO,KM,CG,CD,CK,CR,CI,HR,CU,CY,CZ,DK,DJ,DM,DO,TP,EC,EG,SV,GQ,ER,EE,ET,FK,FO,FJ,FI,FR,FX,GF,PF,TF,GA,GM,GE,DE,GH,GI,GR,GL,GD,GP,GU,GT,GN,GW,GY,HT,HM,VA,HN,HK,HU,IS,IN,ID,IR,IQ,IE,IL,IT,JM,JP,JO,KZ,KE,KI,KP,KR,KW,KG,LA,LV,LB,LS,LR,LY,LI,LT,LU,MO,MK,MG,MW,MY,MV,ML,MT,MH,MQ,MR,MU,YT,MX,FM,MD,MC,MN,MS,MA,MZ,MM,NA,NR,NP,NL,AN,NC,NZ,NI,NE,NG,NU,NF,MP,NO,OM,PK,PW,PA,PG,PY,PE,PH,PN,PL,PT,PR,QA,RE,RO,RU,RW,KN,LC,VC,WS,SM,ST,SA,SN,SC,SL,SG,SK,SI,SB,SO,ZA,GS,ES,LK,SH,PM,SD,SR,SJ,SZ,SE,CH,SY,TW,TJ,TZ,TH,TG,TK,TO,TT,TN,TR,TM,TC,TV,UG,UA,AE,GB,US,UM,UY,UZ,VU,VE,VN,VG,VI,WF,EH,YE,ZM,ZW

Refer this link for more details : Allocation of IP addresses by Country

That’s it..

Related links

Install and configure csf on CentOS
CSF commands for Unix/Linux servers
Csf command not found in WHM/cPanel server

Post navigation

Arunlal A

Senior System Developer at Zeta. Linux lover. Traveller. Let's connect! Whether you're a seasoned DevOps pro or just starting your journey, I'm always eager to engage with like-minded individuals. Follow my blog for regular updates, connect on social media, and let's embark on this DevOps adventure together! Happy coding and deploying!

6 thoughts on “How to block countries accessing server using csf?

  1. Pingback: How to find whether the IP address is blacklisted or not in CSF | crybit
  2. Pingback: How to enable remote MySQL for an IP address on a cPanel server via CSF | crybit

  5. Is there any way this configuration can stay definitively? Because after 24hs the CSF goes back to block the IPs. Thanks!

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *