Search Our Database

How to block country-based IP addresses in CSF on Ubuntu server

Last updated on |
under
Firewall, Linux
|
by

Introduction

ConfigServer Security & Firewall (CSF) is an advanced iptables-based firewall used to secure Linux servers. One of CSF’s powerful features is the ability to block traffic based on a visitor’s country using GeoIP lookups.

This article explains how to configure country-based IP blocking using CSF on Ubuntu 18.04, 20.04, 22.04, and 24.04 LTS servers.

📝 Note: This guide assumes CSF is already installed and working on your server.

Pre-requisites

Before you begin:

  • Ensure you have root or sudo access to the server.

  • UFW should be disabled if it is active (ufw disable)

  • Confirm that CSF is installed (csf -v) and running in enabled mode.

  • Familiarity with editing files using vi.

Step-by-step guide

 

Step 1: Register for a MaxMind License Key

MaxMind requires all users to register for a free license key to download the GeoLite2 database.

  1. Go to the MaxMind account signup page:
    https://www.maxmind.com/en/geolite2/signup

  2. Complete the registration form.

  3. After registration, log in and go to the “My License Key” section.

  4. Click Generate new license key and choose No when asked if the key will be used with a web service.

  5. Copy the generated license key for use in the next step.

 

Step 2: Disable CSF Testing Mode (If Still Enabled)

CSF runs in testing mode by default after installation. To enable full blocking:

  • Open the CSF configuration file:
vi /etc/csf/csf.conf
  •  In vi:

    • Press i to enter Insert mode

    • Locate and update the following line:

      • TESTING = “1”
    • change it to:
      • TESTING = “0”
    • Press Esc, type :wq, and hit Enter to save and exit.

 

  •  Restart CSF to apply the changes:
csf -r

 

Step 2: Edit CSF Configuration File

  • Open the CSF configuration file:
vi /etc/csf/csf.conf

 

Make the following changes:

  • Enable Country Lookup Source:

    Change this value:

CC_SRC = "1"

To :

CC_SRC = "2"

This tells CSF to use the MaxMind GeoLite2 database.

  • Insert Your MaxMind License Key:

Find the line:

MM_LICENSE_KEY = ""

Replace it with:

MM_LICENSE_KEY = "your_maxmind_license_key"

Replace your_maxmind_license_key  with the actual key from Step 1.

 

  • Set Countries to Block or Allow:

To block access from specific countries (e.g., China and Russia), add the country codes to the CC_DENY list:

CC_DENY = "CN,RU"
To allow only specific countries and block all others:
CC_ALLOW = "MY,SG"

🖊️ Tip: Use ISO 3166-1 Alpha-2 country codes (e.g., US, MY, IN, CN).

 

 

Conclusion

Your Ubuntu server is now configured to block traffic from specific countries using CSF’s GeoIP functionality. This helps reduce risk from known high-attack regions.

If you need any further assistance, feel free to contact us at support@ipserverone.com.

Related Article

Related Posts