We have a few servers that should only get local traffic. CC_ALLOW states that entering countries in the CC_ALLOW field opens all ports to all clients from that country.
That's not what we want to do, instead we only want to permit US & CA clients to access these servers, but we want other restrictions and safeguards to remain in place.
Is there a was to do this in ConfigServer?
Only local traffic
If I understand correctly, then it's not possible with csf itself. It would need a chain inserting into LOCALINPUT that contained rules for each CIDR for the specified CC which returned the check to the LOCALINPUT chain on a match. If no matches were made in the chain, then the final rule would be a DROP. You could do this using a csfpost.sh script and code in the chain yourself.
I'll consider it for a future modification as I can see how it would be useful.
I'll consider it for a future modification as I can see how it would be useful.
Cc_allow_filter
Chirpy: Thank you for CC_ALLOW_FILTER