Skip to main content

CWP : How to Allowing Access to Specific Ports for Specific Countries ?

I have some listed ports for my services management and I want that listed ports only accessible from my country. Yes, you can choose to allowing incoming traffic by port to only a specific country or countries. Generally, this should be a better option than attempting to deny port access to a long list of countries because the firewall be working with a smaller CIDR range against which each incoming request must be checked.
My Listed Ports: 22,2030,2031,2086,2087,5550,55004,1025
To limit the ability to connect on a specific port or ports to visitors with IP addresses originating in a specific country or countries, you must:
  • close the ports in the firewall
  • define the country code allowed to connect on those blocked ports
  • specify the blocked ports to be opened for the specified country
In this example, we’re allowing access to above My Listed Ports, to IP addresses based in My Country ( Germany).

Step #1: Close the Ports in the Firewall

On the Firewall Configuration page, scroll down to the IPv4 Port Settings section, and remove the desired port number from the TCP_IN and UDP_IN & TCP6_IN and UDP6_IN (if present) fields.
Here, we’ve removed port 22,2030,2031,2086,2087,5550,55004,1025 from the allowed incoming IPV4 & IPV6 ports, effectively blocking external access to the port: ( Just Showing you IPV4, do the same for IPV6)

Step #2: Specify the Country or Countries to be Allowed

Scroll down to the Country Code Lists and Settings section and add the country code to CC_ALLOW_PORTS.

Step #3: Specify the Closed Ports to be Allowed to the Designated Country

Just below the CC_ALLOW_PORTS field, you’ll see CC_ALLOW_PORTS_TCP and CC_ALLOW_PORTS_UDP.

Step #4: Save Your Changes and Restart the Firewall

Scroll to the bottom of the Firewall Configuration page and click on the Change button.
On the next screen, click the Restart csf+lfd button to restart the firewall with the new settings.