How to Allow and Deny access in server for Countries using CSF.
It is very easy to allow and deny Countries using CSF. We must know the IP ranges to deny and allow countries. IP ranges vary from countries to countries. We can't remember all the IP Ranges. So country codes are available to use in our CSF. There are TWO variables (directives) available in CSF configuration file.They are CC_ALLOW and CC_DENY.
Login as root user in your server.
-> su root
Open CSF configuration File.
->vim /etc/csf/csf.conf
Find the CC_ALLOW varaible and add the countries which you like to allow
then Find CC_DENY variable and add the countries which you like to deny.
Ex:
CC_ALLOW = ”IN,US”
CC_DENY = “CN,NL”
In the above examples We have allowed access to india and united status contries and denied to china and netherlands.
After you make the changes, save the file and quit your text editor.
You have to restart your CSF firewall for the changes to take effect.
->csf -r
The above command will restart the CSF firewall.
Here are some of the country codes
Country codes:
AF,AL,DZ,AS,AD,AO,AI,AQ,AG,AR,AM,AW,AU,AT,AZ,BS,BH,BD,BB,BY,BE,BZ,BJ,BM,BT,BO,BA,BW,BV,BR,IO,BN,BG,BF,BI,KH,CM,CA,CV,KY,CF,TD,CL,CN,CX,CC,CO,KM,CG,CD,CK,CR,CI,HR,CU,CY,CZ,DK,DJ,DM,DO,TP,EC,EG,SV,GQ,ER,EE,ET,FK,FO,FJ,FI,FR,FX,GF,PF,TF,GA,GM,GE,DE,GH,GI,GR,GL,GD,GP,GU,GT,GN,GW,GY,HT,HM,VA,HN,HK,HU,IS,IN,ID,IR,IQ,IE,IL,IT,JM,JP,JO,KZ,KE,KI,KP,KR,KW,KG,LA,LV,LB,LS,LR,LY,LI,LT,LU,MO,MK,MG,MW,MY,MV,ML,MT,MH,MQ,MR,MU,YT,MX,FM,MD,MC,MN,MS,MA,MZ,MM,NA,NR,NP,NL,AN,NC,NZ,NI,NE,NG,NU,NF,MP,NO,OM,PK,PW,PA,PG,PY,PE,PH,PN,PL,PT,PR,QA,RE,RO,RU,RW,KN,LC,VC,WS,SM,ST,SA,SN,SC,SL,SG,SK,SI,SB,SO,ZA,GS,ES,LK,SH,PM,SD,SR,SJ,SZ,SE,CH,SY,TW,TJ,TZ,TH,TG,TK,TO,TT,TN,TR,TM,TC,TV,UG,UA,AE,GB,US,UM,UY,UZ,VU,VE,VN,VG,VI,WF,EH,YE,ZM,ZW
You can search about country codes and IP Ranges alloted for countries in any one of the search engine. Check the following URLs to know about country code and IP Range.
https://www.countryipblocks.net/allocation-of-ip-addresses-by-country.php
http://www.nirsoft.net/countryip/
