CSF Firewall Country Code Lists


With the options displayed below, you can block or allow entire countries from accessing your server. To do so, enter the country codes in a comma separated list. Even though this generates a lot of additional rules, it's valuable to some sysadmins.

These lists are never 100% accurate and some ISP's (e.g. AOL) use non-geographic IP address designations for their clients. Some of the CIDR lists are huge and each one requires a rule within the incoming iptables chain. This can result in significant performance overheads and could render the server inaccessible in some circumstances. Due to the resource constraints on VPS servers this feature should not be used on such systems unless you choose very small CC zones

cc_allow and cc_deny are comma separated lists of CC's, e.g. "US,GB,DE":

:
CC_DENY = ""
CC_ALLOW = ""
An alternative to CC_ALLOW is to only allow access from the following countries but still filter based on the port and packets rules. All other connections are dropped:

This Country Code list will prevent lfd from blocking IP address hits for the listed CC's
:
 

 CC_IGNORE = 
CC_DENY_PORTS =
This option denies access from the following countries to specific ports listed in CC_DENY_PORTS_TCP and CC_DENY_PORTS_UDP