How to block country-based IP addresses in CSF on Ubuntu server
Introduction
ConfigServer Security & Firewall (CSF) is an advanced iptables-based firewall used to secure Linux servers. One of CSF’s powerful features is the ability to block traffic based on a visitor’s country using GeoIP lookups.
This article explains how to configure country-based IP blocking using CSF on Ubuntu 18.04, 20.04, 22.04, and 24.04 LTS servers.
📝 Note: This guide assumes CSF is already installed and working on your server.
Pre-requisites
Before you begin:
- Ensure you have root or sudo access to the server.
- UFW should be disabled if it is active (ufw disable).
- Confirm that CSF is installed (csf -v) and running in enabled mode.
- Familiarity with editing files using vi.
Step-by-step guide
Step 1: Disable CSF Testing Mode (If Still Enabled)
CSF runs in testing mode by default after installation. To enable full blocking:
1. Open the CSF configuration file:
vi /etc/csf/csf.conf
2. In vi:
- Press i to enter Insert mode.
- Locate and update the following line:
TESTING = "1"
- Change it to:
TESTING = "0"
- Press Esc, type :wq, and hit Enter to save and exit.
3. Restart CSF to apply the changes:
csf -r
Step 2: Configure Country-Based Blocking
1. Open the CSF configuration file:
vi /etc/csf/csf.conf
2. In vi:
- Press i to enter Insert mode.
- Find the line:
CC_DENY =
- Add the country codes you wish to block as a comma-separated list inside the quotes, for example, to block China and Russia:
CC_DENY = "CN,RU"
- Also ensure this line is set to:
CC_LOOKUPS = "1"
- Press Esc, type :wq, and hit Enter to save and exit.
3. Restart CSF to activate the rules:
csf -r
✅ You can find ISO 2-letter country codes here: ISO 3166-1 alpha-2
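A read-only check of the edits made in Step 1 and Step 2, useful before running csf -r. It is an added example, not part of CSF or of the original guide; the function names check_csf_country_conf and csf_raw_value are hypothetical, and the sample file is constructed to show two common mistakes (curly quotes pasted from a web page, and a space inside the country list).

```sh
#!/bin/sh
# Added example: lint the three csf.conf settings this guide edits.
# Read-only; it never modifies the file or reloads the firewall.

# Print the text after "KEY = " for the last occurrence of KEY in file $1.
csf_raw_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Return 0 if the file matches the guide, 1 if any setting is wrong,
# 2 if the file cannot be read. One line is printed per problem.
check_csf_country_conf() {
    conf="${1:-/etc/csf/csf.conf}"
    rc=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }
    for key in TESTING CC_DENY CC_LOOKUPS; do
        raw="$(csf_raw_value "$conf" "$key")"
        # csf.conf values sit inside plain ASCII double quotes. Curly quotes
        # pasted from a web page or word processor do not match this pattern.
        case "$raw" in
            \"*\") val="${raw#\"}"; val="${val%\"}" ;;
            *) echo "$key: missing or not in ASCII double quotes: [$raw]"
               rc=1; continue ;;
        esac
        case "$key" in
            TESTING|CC_LOOKUPS)
                # Values the guide sets: TESTING "0", CC_LOOKUPS "1".
                want=1; [ "$key" = TESTING ] && want=0
                [ "$val" = "$want" ] ||
                    { echo "$key is \"$val\", guide sets \"$want\""; rc=1; } ;;
            CC_DENY)
                # Syntax only: comma-separated 2-letter uppercase codes with
                # no spaces. Does not check that a code is actually assigned.
                printf '%s\n' "$val" |
                    LC_ALL=C grep -Eqx '[A-Z]{2}(,[A-Z]{2})*' ||
                    { echo "CC_DENY list is malformed: [$val]"; rc=1; } ;;
        esac
    done
    return "$rc"
}

# Constructed sample input (not a real server's file): curly quotes on
# TESTING, a space inside the CC_DENY list, CC_LOOKUPS correct.
sample="$(mktemp)"
printf '%s\n' 'TESTING = “1”' 'CC_DENY = "CN, RU"' 'CC_LOOKUPS = "1"' > "$sample"
check_csf_country_conf "$sample" || echo "fix the lines above, then run: csf -r"
rm -f "$sample"
```

On a server, calling check_csf_country_conf with no argument reads /etc/csf/csf.conf.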
Conclusion
Your Ubuntu server is now configured to block traffic from specific countries using CSF’s GeoIP functionality. This helps reduce risk from known high-attack regions.
If you need any further assistance, feel free to contact us at support@ipserverone.com.