Block whole countries accessing server/website except you wants – CSF

Hey guys! We already discussed one of the amazing option in CSF for blocking/allowing countries. The usage of “CC_ALLOW” and “CC_DENY” to allow and deny countries with its country code.
You can refer this from the link added below:

How to block countries from server by using csf

If we use the options “CC_DENY” or “CC_ALLOW”, we have to specify the countries code to block or allow access. Here is an alternate option for blocking whole countries except we wants. How is it!!
Here is an example. If you want to allow only one country to your server, you need to specify all country codes in “CC_DENY” to block others, that’s not an easy way. We can done the same by using an alternate CSF directive.
CC_ALLOW_FILTER, by using this directive we can block all other countries to server.

# An alternative to CC_ALLOW is to only allow access from the following
# countries but still filter based on the port and packets rules. All other
# connections are dropped

How to do this?

Yep! You can do this by editing the CSF configuration file “/etc/csf/csf.conf“.

1, SSH to server as root.
2, Edit CSF conf:

vi /etc/csf/csf.conf

3, Add the countries you want to Allow:


4, Restart CSF.

csf -r

That’s it 🙂

Related links:

Install and configure csf on CentOS
CSF commands for Unix/Linux servers
Csf command not found in WHM/cPanel server
Process tracking with the help of csf


Post navigation

Arunlal A

Senior System Developer at Zeta. Linux lover. Traveller. Let's connect! Whether you're a seasoned DevOps pro or just starting your journey, I'm always eager to engage with like-minded individuals. Follow my blog for regular updates, connect on social media, and let's embark on this DevOps adventure together! Happy coding and deploying!

One thought on “Block whole countries accessing server/website except you wants – CSF

  1. I would like to block port 25/587/465/2525 ( SMTP ports ) from everywhere except my country ( India ) ?

    NOTE – PORT 80 & 443 from everywhere.

Leave a Reply

Your email address will not be published. Required fields are marked *