CSF is one of best Linux firewall and it is not just a simple iptables firewall, it is a complete security suit that can turn your server into a robust firewall and intrusion detection system (IDS).
One of the most exciting options this firewall has is the ability to block entire countries.
Open your CSF configuration file (
/etc/csf/csf.conf) and search for the country codes section.
So, in order to block a specific country, you just need to add the country code into CC_DENY variable.
To block all traffic from China and Pakistan, you can set as follows.
=======
CC_DENY = "PK,CN"=======
Then, just restart CSF to make the changes effective.
=======
#csf -r
=======
You are done!!!
Country codes are available in the link below.
https://www.countryipblocks.net/allocation-of-ip-addresses-by-country.phpI suggest you to do this carefully due to below reasons:
* It will completely reject traffic from the specified countries and thus it will reject requests from legitimate customers too.
* This will block search engine bots that try to access your websites from the datacenters located in the blocked country.
* This will considerably use server resources to load all the blocked ranges.
Good luck
