CSF: How to block specific ports from all countries except one?

Usually you want to get rid of Chinese hackers, Russian spammers and Nigerian scammers that are just flooding your server with bad intentions.

CSF is a Stateful Packet Inspection (SPI) firewall, Login/Intrusion Detection and Security application for Linux servers.

What is the way to block all ports except 80 from everywhere except a group of countries?

There are two possibilities:

Case 1

This answers the question, but it is not a good idea: country-code IP ranges are not accurate and may fail or take a long time to update, resulting in annoying blocks.

Example: allow incoming SMTP, HTTP and HTTPS to everyone, and allow other services like FTP, SSH, POP3, IMAP, DNS etc. only to the following countries: USA, Thailand and New Zealand.

TCP_IN = "25,80,443"
CC_ALLOW_PORTS = "US,TH,NZ"
CC_ALLOW_PORTS_TCP = "20,21,22,53,110,143,465,587,993,995"
CC_ALLOW_PORTS_UDP = "20,21,53"

Note: Ports in CC_ALLOW_PORTS_TCP/UDP should be removed from TCP_IN/UDP_IN to block access from elsewhere.

Case 2 (recommended)

Block a few countries but still allow them to reach some ports.
Example: block China, Russia and Nigeria except for HTTP and HTTPS.

CC_DENY_PORTS = "NG,CN,RU"
CC_DENY_PORTS_TCP = "1:79,81:442,444:65535"
CC_DENY_PORTS_UDP = "1:65535"
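
An added example (not part of the original post and not CSF's own code): a small Python check that parses csf.conf-style settings, reports ports listed in both TCP_IN/UDP_IN and CC_ALLOW_PORTS_TCP/UDP (the mistake the Case 1 note warns about), and lists which ports the CC_DENY_PORTS countries from Case 2 can still reach. The sample configuration is constructed, and the function names and the rule-ordering assumption noted in the code are assumptions of this example.

```python
import re

# Constructed sample combining both cases from this post, with one deliberate
# mistake: port 22 is left in TCP_IN although it should be country-restricted.
SAMPLE_CONF = '''
TCP_IN = "22,25,80,443"
UDP_IN = ""
CC_ALLOW_PORTS = "US,TH,NZ"
CC_ALLOW_PORTS_TCP = "20,21,22,53,110,143,465,587,993,995"
CC_ALLOW_PORTS_UDP = "20,21,53"
CC_DENY_PORTS = "NG,CN,RU"
CC_DENY_PORTS_TCP = "1:79,81:442,444:65535"
CC_DENY_PORTS_UDP = "1:65535"
'''

def parse_conf(text):
    """Return {NAME: value} for every NAME = "value" line; comments are skipped."""
    conf = {}
    for line in text.splitlines():
        m = re.match(r'\s*([A-Z0-9_]+)\s*=\s*"([^"]*)"', line)
        if m:
            conf[m.group(1)] = m.group(2)
    return conf

def expand_ports(spec):
    """Expand a port list such as "25,80,1:79" into a set of integers."""
    ports = set()
    for item in filter(None, (p.strip() for p in spec.split(","))):
        low, _, high = item.partition(":")
        ports.update(range(int(low), int(high or low) + 1))
    return ports

def audit(conf):
    """Per protocol: ports that bypass the allow-list, ports denied countries still reach."""
    # Assumption: CC_DENY_PORTS drops take effect before the TCP_IN/UDP_IN accepts.
    result = {}
    for proto in ("TCP", "UDP"):
        open_all = expand_ports(conf.get(proto + "_IN", ""))
        restricted = expand_ports(conf.get("CC_ALLOW_PORTS_" + proto, ""))
        denied = expand_ports(conf.get("CC_DENY_PORTS_" + proto, ""))
        result[proto] = {
            "bypass": sorted(open_all & restricted),
            "reachable_by_denied": sorted(open_all - denied),
        }
    return result

if __name__ == "__main__":
    for proto, findings in audit(parse_conf(SAMPLE_CONF)).items():
        print(proto, findings)
```

To check a real server, pass the contents of its csf.conf to parse_conf() instead of SAMPLE_CONF.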

CSF is a powerful app, full of useful tools. 100% recommended.
