• Make sure not to block any countries where your server may be pulling yum or apt-get updates from otherwise yum or apt-get will fail when you try to grab any package updates.
• Country and ASN blocks apply to incoming connections only.
Juggernaut Firewall -> Settings -> Country Settings
and enter the license key under MaxMind license key.Country source - CC_SRC
The source for where CSF downloads its country databases.
Default: 1 (MaxMind)
MaxMind license key - MM_LICENSE_KEY
MaxMind requires you to create a free account on their site and to generate a license key to use their Geolite2 databases.
Default: empty
Deny countries to all ports - CC_DENY
Deny whole country or ASN CIDR ranges. The CIDR blocks are generated from the Maxmind GeoLite2 Country database and entirely relies on that service being available.
Default: empty
Allow countries though all ports - CC_ALLOW
Allow whole country or ASN CIDR ranges. Warning: this option allows access through all ports in the firewall.
Default: empty
Only allow countries and filter - CC_ALLOW_FILTER
Only allow access from the following countries or ASN but still filter based on the port and packets rules. All other
connections are dropped.
Default: empty
LFD blocking ignore countries - CC_IGNORE
Prevent the login failure daemon from blocking IP address hits for the following countries or ASNs.
CC_LOOKUPS must me enabled to use this option.
Default: empty
LFD blocking ignore countries - CC_MESSENGER_ALLOW
Only a blocked IP that resolves to one of these country codes will be redirected to the MESSENGER service.
Default: empty
LFD blocking ignore countries - CC_MESSENGER_DENY
A blocked IP that resolves to one of those Country Codes will NOT be redirected to the MESSENGER service.
Default: empty
Ignore CIDR blocks smaller than - CC_DROP_CIDR
Ignore CIDR blocks smaller than this value when implementing CC_DENY / CC_ALLOW / CC_ALLOW_FILTER. This can help reduce the
number of CC entries and may improve iptables throughput. This will deny/allow fewer IP addresses depending on how small
you configure the option. Set to None to block all CC IP addresses.
Default: empty
Ipv4 address lookups - CC_LOOKUPS
Display Country Code and Country for reported IP addresses.
Default: 1 Range: 0-3
IPv6 address lookups - CC6_LOOKUPS
Display Country Code and Country for reported IPv6 addresses using the MaxMind Country IPv6 Database. This option must also be
enabled to allow IPv6 support to CC_*, MESSENGER and PORTFLOOD.
Default: 0
Maxmind DB retrieval interval - CC_INTERVAL
How often the login failure daemon will retrieve the Maxmind GeoLite Country database for CC_ALLOW, CC_ALLOW_FILTER,
CC_DENY, CC_IGNORE and CC_LOOKUPS (in days).
Default: 7 Range: 1-31
Allow countries to ports - CC_ALLOW_PORTS
Allow access from the following countries or ASNs to specific ports listed in CC_ALLOW_PORTS_TCP and CC_ALLOW_PORTS_UDP.
Default: empty
Allow countries to TCP ports - CC_ALLOW_PORTS_TCP
Allow access to the following TCP ports from the CC_ALLOW_PORTS
countries. All listed ports should be removed from
TCP_IN to block access from elsewhere.
Default: empty
Allow countries to UDP ports - CC_ALLOW_PORTS_UDP
Allow access to the following UDP ports from the CC_ALLOW_PORTS
countries. All listed ports should be removed from
UDP_IN to block access from elsewhere.
Default: empty
Deny countries to ports - CC_DENY_PORTS
Deny access from the following countries or ASNs to specific ports listed in CC_DENY_PORTS_TCP and CC_DENY_PORTS_UDP.
Default: empty
Deny countries to TCP ports - CC_DENY_PORTS_TCP
Deny access to the following TCP ports from the CC_DENY_PORTS countries. All listed ports should NOT be removed from
TCP_IN.
Default: empty
Deny countries to UDP ports - CC_DENY_PORTS_UDP
Deny access to the following UDP ports from the CC_DENY_PORTS countries. All listed ports should NOT be removed from
UDP_IN.
Default: empty