Block countries but allow port 53/dns

bulgin23
Junior Member
Posts: 18
Joined: 06 Apr 2018, 01:17

Block countries but allow port 53/dns

Post by bulgin23 »

Hello,

I hope everyone is well.

I have a need to block countries, but allow DNS queries into the server from everywhere, including those countries I've blocked.

What is the simplest solution with CSF for this?

Thanks in advance for any help.
sahostking
Junior Member
Posts: 35
Joined: 29 May 2013, 19:07
Location: Cape Town, South Africa

Re: Block countries but allow port 53/dns

Post by sahostking »

I would say maybe using something like this unless someone else has a better idea. You could deny services, port access to many countries attacking your server by just using their country codes.

# This option denies access from the following countries to specific ports
# listed in CC_DENY_PORTS_TCP and CC_DENY_PORTS_UDP
#
# Note: The rules for this feature are inserted after the allow and deny
# rules to still allow allowing of IP addresses
#
# Each option is a comma separated list of CC's, e.g. "US,GB,DE"
CC_DENY_PORTS = ""

# This option uses the same format as TCP_IN/UDP_IN. The ports listed should
# NOT be removed from TCP_IN/UDP_IN
#
# An example would be to list port 21 here then countries listed in
# CC_DENY_PORTS cannot access FTP
CC_DENY_PORTS_TCP = ""
CC_DENY_PORTS_UDP = ""
bulgin23
Junior Member
Posts: 18
Joined: 06 Apr 2018, 01:17

Re: Block countries but allow port 53/dns

Post by bulgin23 »

SOLVED: I used the following solution provided by viewtopic.php?t=7558&sid=d0d3e273b6ef83 ... 44b6671ebb
Case 2 ( recommended )

Block few countries but still allow them to reach some ports
Example: Block China Russia and Nigeria except http and https

CC_DENY_PORTS = "NG,CN,RU"
CC_DENY_PORTS_TCP = "1:79,81:442,444:65535"
CC_DENY_PORTS_UDP = "1:65535"
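The quoted "Case 2" keeps ports 80 and 443 reachable; the original question needs the same pattern with port 53 left open instead. The following is an added example, not part of any post in this thread and not CSF code: it computes the deny ranges from the ports that must stay reachable. The function names are hypothetical, and it assumes DNS is served on port 53 over both TCP and UDP.

```python
MIN_PORT, MAX_PORT = 1, 65535

def parse_ports(spec):
    """Parse a TCP_IN-style list ("53" or "80,443,8000:8100") into a set of ints."""
    ports = set()
    for item in filter(None, (s.strip() for s in spec.split(","))):
        lo, _, hi = item.partition(":")
        lo, hi = int(lo), int(hi or lo)
        if not MIN_PORT <= lo <= hi <= MAX_PORT:
            raise ValueError(f"bad port or range: {item!r}")
        ports.update(range(lo, hi + 1))
    return ports

def deny_spec(open_spec):
    """Return every port NOT in open_spec, as ranges for CC_DENY_PORTS_TCP/UDP."""
    ranges, start = [], MIN_PORT
    for port in sorted(parse_ports(open_spec)):
        if port > start:                  # gap before this open port gets denied
            ranges.append((start, port - 1))
        start = port + 1
    if start <= MAX_PORT:                 # everything above the last open port
        ranges.append((start, MAX_PORT))
    return ",".join(str(a) if a == b else f"{a}:{b}" for a, b in ranges)

def csf_lines(countries, tcp_open, udp_open):
    """Build the three csf.conf lines; values are quoted as in csf.conf."""
    return [
        f'CC_DENY_PORTS = "{",".join(countries)}"',
        f'CC_DENY_PORTS_TCP = "{deny_spec(tcp_open)}"',
        f'CC_DENY_PORTS_UDP = "{deny_spec(udp_open)}"',
    ]

if __name__ == "__main__":
    # Country codes taken from the quoted example; port 53 is the assumption here.
    print("\n".join(csf_lines(["NG", "CN", "RU"], tcp_open="53", udp_open="53")))
```

The ports left open here still have to be listed in TCP_IN/UDP_IN for anyone to reach them.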