Country Code Lists

Country code lists allow you to allow or deny whole country CIDR ranges. The CIDR blocks are generated from the Maxmind GeoLite Country database and relies on that service being available.

Additionally, ASN numbers can also be used for the options CC_DENY CC_ALLOW CC_ALLOW_FILTER CC_ALLOW_PORTS CC_DENY_PORTS CC_IGNORE . The same warnings for Country Codes apply to the use of ASNs. Learn more about Autonomous System Numbers (ASN)

• Some of these country lists contain thousands of IP addresses and could cause serious network and/or performance issues, so make sure that you enable LF_IPSET in /etc/csf/csf.conf if your operating system supports it.
• These lists are never 100% accurate and some ISP's (e.g. AOL) use non-geographic IP address designations for their clients.
CC_ALLOW allows access through all ports in the firewall. For this reason CC_ALLOW probably has very limited use and CC_ALLOW_FILTER is preferred.

Related Files

File Description
/etc/csf/csf.conf CC_* configuration options

Related Pages