Restricting access by port to IP addresses originating in a specific country or countries can be an effective way to help minimize the negative performance impact that country-level blocking can bring. In this example, we’re blocking access to the FTP Ports (20,21) & SMTP Ports(25,110,143,465,587,993,995) to IP addresses originating in Belgium & Bulgaria.
List the port that will be blocked in the specified country in the CC_DENY_PORTS_TCP and CC_DENY_PORTS_UDP fields.
On the next screen, click the Restart csf+lfd button to restart the firewall with the new settings.
N.B: Don't Close those ports from the TCP_IN and UDP_IN & TCP6_IN and UDP6_IN
Step #1: Specify the Country or Countries to be Denied
Scroll down to the Country Code Lists and Settings section and add the country code to CC_DENY_PORTS. Multiple countries can be comma separated with no spaces in between, and you can find a list of ISO 3166-1 alpha-2 codes at https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2.List the port that will be blocked in the specified country in the CC_DENY_PORTS_TCP and CC_DENY_PORTS_UDP fields.
Step #2: Save Your Changes and Restart the Firewall
Scroll to the bottom of the Firewall Configuration page and click on the Change button.On the next screen, click the Restart csf+lfd button to restart the firewall with the new settings.
N.B: Don't Close those ports from the TCP_IN and UDP_IN & TCP6_IN and UDP6_IN
Comments
Post a Comment
You are always welcome to comment here, but your remarks should be relevant to the conversation. To keep the exchanges focused and engaging, we reserve the right to remove off-topic comments, or self-promoting URLs and vacuous messages.
We will try to reply to your queries as soon as time allows.
Regards,
Admin