There are many firewall software that you can use, but here we will share how to block certain countries using ConfigServer Security & Firewall (CSF) firewall software.
- Make sure you have installed the CSF firewall software. Please refer to this tutorial if you don't understand the basics of the CSF firewall.
- Open the /etc/csf/csf.conf file and locate the PART:Country Code List and Settings section.
- In order for the firewall to read which country this ip address belongs to, an additional license is needed, namely from MaxMind. You can register and get a free license on this page.
- Fill in the configuration as follows:
MM_LICENSE_KEY = <<key obtained>>CC_SRC = 1 - At this stage you can set which countries you want to block.
CC_DENY =CN,BR
This means that China and Brazil are blocked. In addition to country codes, you can also block certain ASNs.
What if you want to block all countries but only whitelist certain countries?
- Here you can utilize the CC_ALLOW or CC_ALLOW_FILTER feature (other than the country set, the connection will automatically be dropped).
- CC_ALLOW allows access through all ports on the firewall, for this reason it may be of very limited use and it is recommended to use CC_ALLOW_FILTER
- CC_ALLOW_FILTER is an alternative to CC_ALLOW which allows access from certain countries but still takes into account existing port and packet filters.
Contoh penggunaan :CC_ALLOW = ID
This means you whitelist Indonesia and block countries other than Indonesia.
