Restricting access by port to IP addresses originating in a specific country or countries can be an effective way to help minimize the negative performance impact that country-level blocking can bring. In this example, we’re blocking access to the FTP Ports (20,21) & SMTP Ports(25,110,143,465,587,993,995) to IP addresses originating in Belgium & Bulgaria.
List the port that will be blocked in the specified country in the CC_DENY_PORTS_TCP and CC_DENY_PORTS_UDP fields.
On the next screen, click the Restart csf+lfd button to restart the firewall with the new settings.
N.B: Don't Close those ports from the TCP_IN and UDP_IN & TCP6_IN and UDP6_IN
Step #1: Specify the Country or Countries to be Denied
Scroll down to the Country Code Lists and Settings section and add the country code to CC_DENY_PORTS. Multiple countries can be comma separated with no spaces in between, and you can find a list of ISO 3166-1 alpha-2 codes at https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2.List the port that will be blocked in the specified country in the CC_DENY_PORTS_TCP and CC_DENY_PORTS_UDP fields.
Step #2: Save Your Changes and Restart the Firewall
Scroll to the bottom of the Firewall Configuration page and click on the Change button.On the next screen, click the Restart csf+lfd button to restart the firewall with the new settings.
N.B: Don't Close those ports from the TCP_IN and UDP_IN & TCP6_IN and UDP6_IN
Comments
Post a Comment