• Make sure not to block any country that your server may be pulling yum or apt-get updates from; otherwise yum or apt-get will fail when you try to grab any package updates.
• Country and ASN blocks apply to incoming connections only.
Juggernaut Firewall -> Settings -> Country Settings
and enter the license key under MaxMind license key.
Country source - CC_SRC
The source for where CSF downloads its country databases.
Default: 1 (MaxMind)
MaxMind license key - MM_LICENSE_KEY
MaxMind requires you to create a free account on their site and to generate a license key to use their GeoLite2 databases.
Default: empty
Deny countries to all ports - CC_DENY
Deny whole country or ASN CIDR ranges. The CIDR blocks are generated from the MaxMind GeoLite Country database
http://dev.maxmind.com/geoip/legacy/geolite/ and this option relies entirely on that service being available.
Default: empty
Allow countries through all ports - CC_ALLOW
Allow whole country or ASN CIDR ranges. Warning: this option allows access through all ports in the firewall.
Default: empty
Only allow countries and filter - CC_ALLOW_FILTER
Only allow access from the following countries or ASN but still filter based on the port and packets rules. All other
connections are dropped.
Default: empty
LFD blocking ignore countries - CC_IGNORE
Prevent the login failure daemon from blocking IP address hits for the following countries or ASNs.
CC_LOOKUPS must be enabled to use this option.
Default: empty
Ignore CIDR blocks smaller than - CC_DROP_CIDR
Ignore CIDR blocks smaller than this value when implementing CC_DENY / CC_ALLOW / CC_ALLOW_FILTER. This can help reduce the
number of CC entries and may improve iptables throughput. This will deny/allow fewer IP addresses depending on how small
you configure the option. Set to None to block all CC IP addresses.
Default: empty
IPv4 address lookups - CC_LOOKUPS
Display Country Code and Country for reported IP addresses. This option can be configured to use the MaxMind GeoLite
Country database or the more detailed MaxMind GeoLite City database at http://dev.maxmind.com/geoip/legacy/geolite/
Default: 1 Range: 0-3
IPv6 address lookups - CC6_LOOKUPS
Display Country Code and Country for reported IPv6 addresses using the MaxMind Country IPv6 Database. This option must also be
enabled to allow IPv6 support to CC_*, MESSENGER and PORTFLOOD.
Default: 0
MaxMind DB retrieval interval - CC_INTERVAL
How often the login failure daemon will retrieve the MaxMind GeoLite Country database for CC_ALLOW, CC_ALLOW_FILTER,
CC_DENY, CC_IGNORE and CC_LOOKUPS (in days).
Default: 7 Range: 1-31
Allow countries to ports - CC_ALLOW_PORTS
Allow access from the following countries or ASNs to specific ports listed in CC_ALLOW_PORTS_TCP and CC_ALLOW_PORTS_UDP.
Default: empty
Allow countries to TCP ports - CC_ALLOW_PORTS_TCP
Allow access to the following TCP ports from the CC_ALLOW_PORTS countries. All listed ports should be removed from
TCP_IN to block access from elsewhere.
Default: empty
Allow countries to UDP ports - CC_ALLOW_PORTS_UDP
Allow access to the following UDP ports from the CC_ALLOW_PORTS countries. All listed ports should be removed from
UDP_IN to block access from elsewhere.
Default: empty
Deny countries to ports - CC_DENY_PORTS
Deny access from the following countries or ASNs to specific ports listed in CC_DENY_PORTS_TCP and CC_DENY_PORTS_UDP.
Default: empty
Deny countries to TCP ports - CC_DENY_PORTS_TCP
Deny access to the following TCP ports from the CC_DENY_PORTS countries. All listed ports should NOT be removed from
TCP_IN.
Default: empty
Deny countries to UDP ports - CC_DENY_PORTS_UDP
Deny access to the following UDP ports from the CC_DENY_PORTS countries. All listed ports should NOT be removed from
UDP_IN.
Default: empty
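
The rules above about TCP_IN / UDP_IN, CC_LOOKUPS and the MaxMind license key are easy to get wrong when editing the settings by hand. The following checker is an added example, not part of Juggernaut Firewall or CSF; it assumes the settings are stored as KEY = "value" lines with port ranges written as low:high, and it runs on a constructed sample with a placeholder country code.

```python
import re

# Constructed sample in KEY = "value" form; not taken from a real server.
SAMPLE_CONF = '''
CC_SRC = "1"
MM_LICENSE_KEY = ""
TCP_IN = "22,25,80,443,2077:2083"
UDP_IN = "53"
CC_ALLOW_PORTS = "US,GB"
CC_ALLOW_PORTS_TCP = "22,2083"
CC_DENY_PORTS = "XX"
CC_DENY_PORTS_TCP = "25,8080"
CC_IGNORE = "US"
CC_LOOKUPS = "0"
'''

def parse_conf(text):
    """Return {KEY: value} for every KEY = "value" line (comment lines are skipped)."""
    return dict(re.findall(r'^\s*([A-Z0-9_]+)\s*=\s*"([^"]*)"', text, re.M))

def ports(spec):
    """Expand a port list such as "22,2077:2083" into a set of ints."""
    out = set()
    for item in filter(None, (p.strip() for p in spec.split(","))):
        lo, _, hi = item.partition(":")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def lint(conf):
    """Return findings where the settings contradict the rules documented above."""
    findings = []
    cc_keys = ("CC_DENY", "CC_ALLOW", "CC_ALLOW_FILTER", "CC_ALLOW_PORTS", "CC_DENY_PORTS")
    if conf.get("CC_SRC", "1") == "1" and not conf.get("MM_LICENSE_KEY") \
            and any(conf.get(k) for k in cc_keys):
        findings.append("MM_LICENSE_KEY is empty but country rules use MaxMind")
    if conf.get("CC_IGNORE") and conf.get("CC_LOOKUPS", "1") == "0":
        findings.append("CC_IGNORE is set but CC_LOOKUPS is disabled")
    for proto in ("TCP", "UDP"):
        open_in = ports(conf.get(proto + "_IN", ""))
        if conf.get("CC_ALLOW_PORTS"):  # port must NOT also be in *_IN
            for p in sorted(ports(conf.get(f"CC_ALLOW_PORTS_{proto}", "")) & open_in):
                findings.append(f"{proto} {p}: also in {proto}_IN, open to all countries")
        if conf.get("CC_DENY_PORTS"):   # port must stay in *_IN
            for p in sorted(ports(conf.get(f"CC_DENY_PORTS_{proto}", "")) - open_in):
                findings.append(f"{proto} {p}: not in {proto}_IN, deny rule is redundant")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(parse_conf(SAMPLE_CONF))))
```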