ConfigServer Community Forum

################################################## #############################
# SECTION: Country Code Lists and Settings
################################################## #############################
# Country Code CIDR to allow / deny. In the Following two options you can allow
# Or deny whole country CIDR ranges. The CIDR blocks are generated from the
# Maxmind GeoLite Country database http://www.maxmind.com/app/geolitecountry
# Entirely and relies on That service being available
#
# Specify the the two-letter ISO country code (s). The iptables rules are for
# Incoming connections only
#
# You shouldering consider using LF_IPSET When using any of the Following options
#
# WARNING: These lists are never 100% accurate and some ISPs (eg, AOL) use
# Non-geographic IP address designations for Their Clients
#
# WARNING: Some of the CIDR lists are huge and each one requires a rule within
# The incoming iptables chain. This can result in significant performance
# Overheads and could render the server inaccessible in some circumstances. For
# This reason (amongst others) we do not recommend usingthese options
#
# WARNING: Due to the resource constraints on VPS servers this feature shouldering
# Not be used on Such systems Unless you choose very small CC zones
#
# WARNING: CC_ALLOW Allows access through all ports in the firewall. For this
# Reason CC_ALLOW HAS probably very limited use and is CC_ALLOW_FILTER
# Preferred
#
# Each option is a comma separated list of CC's, eg "US, UK, DE"
CC_DENY = "CN, UA, PL, RU, KP, CZ, IN, SD"
CC_ALLOW = ""

_________________________________________________________

# This option denies access from the Following countries to specific ports
# Listed in CC_DENY_PORTS_TCP and CC_DENY_PORTS_UDP
#
# Note: The rules for this feature are inserted after the allow and deny
# Still rules to allow allo wing or IP addresses
#
# Each option is a comma separated list of CC's, eg "US, UK, DE"
CC_DENY_PORTS = "CN, UA, PL, RU, KP, CZ, IN, SD"