Skip to main content

CWP : How to Blocking Access to Specific Ports for Specific Countries ?

Restricting access by port to IP addresses originating in a specific country or countries can be an effective way to help minimize the negative performance impact that country-level blocking can bring. In this example, we’re blocking access to the FTP Ports (20,21) & SMTP Ports(25,110,143,465,587,993,995)  to IP addresses originating in Belgium & Bulgaria.

Step #1: Specify the Country or Countries to be Denied

Scroll down to the Country Code Lists and Settings section and add the country code to CC_DENY_PORTS. Multiple countries can be comma separated with no spaces in between, and you can find a list of ISO 3166-1 alpha-2 codes at
List the port that will be blocked in the specified country in the CC_DENY_PORTS_TCP and CC_DENY_PORTS_UDP fields.

Step #2: Save Your Changes and Restart the Firewall

Scroll to the bottom of the Firewall Configuration page and click on the Change button.
On the next screen, click the Restart csf+lfd button to restart the firewall with the new settings.

N.B: Don't Close those ports from the TCP_IN and UDP_IN & TCP6_IN and UDP6_IN