[FIXED] How to use CC_DENY and CC_ALLOW of the CSF firewall

Issue

How to use CSF Firewall features:

• CC_DENY

and

• CC_ALLOW

I am getting a lot of attempts to access ssh, so I would like to block all countries, instead of having to add them one by one.

Of course, leave only my country as allowed.

UPDATE 2020-02-13

After researching a lot I found that:

• CC_DENY = If you want to block the country, this is where you must enter the country code.

• CC_ALLOW = Here is the catch, if you put your country's code here, it will do the general release, including firewall ports. In other words, your country will not respect any rules of your firewall.

I will leave my contribution of country codes. REMOVE YOUR CODE.

CC_DENY = "AD,AE,AF,AG,AI,AL,AM,AO,AQ,AR,AS,AT,AU,AW,AX,AZ,BA,BB,BD,BE,BF,BG,BH,BI,BJ,BL,BM,BN,BO,BQ,BS,BT,BV,BW,BY,BZ,CA,CC,CD,CF,CG,CH,CI,CK,CL,CM,CN,CO,CR,CU,CV,CW,CX,CY,CZ,DE,DJ,DK,DM,DO,DZ,EC,EE,EG,EH,ER,ES,ET,FI,FJ,FK,FM,FO,FR,GA,GB,GD,GE,GF,GG,GH,GI,GL,GM,GN,GP,GQ,GR,GS,GT,GU,GW,GY,HK,HM,HN,HR,HT,HU,ID,IE,IL,IM,IN,IO,IQ,IR,IS,IT,JE,JM,JO,JP,KE,KG,KH,KI,KM,KN,KP,KR,KW,KY,KZ,LA,LB,LC,LI,LK,LR,LS,LT,LU,LV,LY,MA,MC,MD,ME,MF,MG,MH,MK,ML,MM,MN,MO,MP,MQ,MR,MS,MT,MU,MV,MW,MX,MY,MZ,NA,NC,NE,NF,NG,NI,NL,NO,NP,NR,NU,NZ,OM,PA,PE,PF,PG,PH,PK,PL,PM,PN,PR,PS,PT,PW,PY,QA,RE,RO,RS,RU,RW,SA,SB,SC,SD,SE,SG,SH,SI,SJ,SK,SL,SM,SN,SO,SR,SS,ST,SV,SX,SY,SZ,TC,TD,TF,TG,TH,TJ,TK,TL,TM,TN,TO,TR,TT,TV,TW,TZ,UA,UG,UM,US,UY,UZ,VA,VC,VE,VG,VI,VN,VU,WF,WS,YE,YT,ZA,ZM,ZW"

CC_ALLOW = ""

Solution

Use CC_DENY to block countries in your server

or

Use CC_ALLOW to whitelist countries in your server

Allowed values are two-letter ISO Country Code(s) e.g. "US,GB,DE"

Caution must be taken when using this setting as you might completely block yourself or your visitors.

A better solution might be to change the default ports of services e.g., SSH port.

Answered By - IMB

Answer Checked By - Robin (PHPFixing Admin)