Country code lists allow you to allow or deny whole country CIDR ranges. The CIDR blocks are generated from the MaxMind GeoLite Country database and rely on that service being available.
Additionally, ASN numbers can also be used for the options CC_DENY, CC_ALLOW, CC_ALLOW_FILTER, CC_ALLOW_PORTS, CC_DENY_PORTS and CC_IGNORE. The same warnings for Country Codes apply to the use of ASNs. Learn more about Autonomous System Numbers (ASN)
• Some of these country lists contain thousands of IP addresses and could cause serious network and/or performance issues, so make sure that you enable LF_IPSET in /etc/csf/csf.conf if your operating system supports it.
• These lists are never 100% accurate and some ISPs (e.g. AOL) use non-geographic IP address designations for their clients.
• CC_ALLOW allows access through all ports in the firewall. For this reason CC_ALLOW probably has very limited use and CC_ALLOW_FILTER is preferred.
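
A small audit of csf.conf text against the LF_IPSET and CC_ALLOW notes above, added here as an example and not part of csf itself. It assumes settings are written as NAME = "value" and that "1" means enabled; the function names, the sample text and the XX/YY/ZZ codes are constructed for illustration.

```python
import re

# Options named on this page that accept country codes (and ASNs).
CC_OPTIONS = ("CC_DENY", "CC_ALLOW", "CC_ALLOW_FILTER",
              "CC_ALLOW_PORTS", "CC_DENY_PORTS", "CC_IGNORE")

# Assumption: a setting line looks like NAME = "value"; '#' starts a comment.
SETTING = re.compile(r'^\s*([A-Z0-9_]+)\s*=\s*"([^"]*)"')

def parse_conf(text):
    """Return {name: value} for every setting line in csf.conf text."""
    settings = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = SETTING.match(line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
    return settings

def audit_cc(text):
    """Flag CC_* use without LF_IPSET, and any use of CC_ALLOW."""
    conf = parse_conf(text)
    in_use = [o for o in CC_OPTIONS if conf.get(o)]
    findings = []
    # Assumption: LF_IPSET = "1" means ipset support is switched on.
    if in_use and conf.get("LF_IPSET", "0") != "1":
        findings.append("LF_IPSET is not enabled but %s is set" % ", ".join(in_use))
    if conf.get("CC_ALLOW"):
        findings.append("CC_ALLOW opens all ports to %s; CC_ALLOW_FILTER is preferred"
                        % conf["CC_ALLOW"])
    return findings

# Constructed sample with placeholder country codes, not a real configuration.
SAMPLE = '''
# country code settings
LF_IPSET = "0"
CC_DENY = "XX,YY"
CC_ALLOW = "ZZ"
CC_ALLOW_FILTER = ""
'''

if __name__ == "__main__":
    for finding in audit_cc(SAMPLE):
        print("WARN:", finding)
```
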
File | Description |
---|---|
/etc/csf/csf.conf | CC_* configuration options |