How to Block Countries in CSF Firewall

You may have a visited a website, only to find that it is not accessible from your geographical location. This is because your country’s IP address has been blocked in the firewall of the server the website is hosted on. This is actually a useful feature to prevent unauthorized users from gaining access to important information.

One such application is CSF or Config Server Firewall; it is a free firewall application created for Linux servers, VPS based on Linux, and various Linux distributions. CSF provides the following functions:

  • Filtering of incoming and outgoing packets
  • Flood, intrusion, and login detection
  • User interface integration for DirectAdmin, cPanel, and Webmin
  • Ability to deal with attacks like port scans, brute force attacks, and SYN floods

A frequently asked question by most Linux server users and administrators is whether it is possible to block specific countries in CSF. The answer is yes, and here’s how you can.

How to Do it?

CSF can be managed either through the control panel or through the command line. You can easily block unwanted countries from accessing your server. In order to do this, you have to open the configuration file of CSF by editing /etc/csf/csf.conf and then jump to the line that says

You can enter the 2 Letter Country Code for each country that you want to block, separate by commas.

For example, to block Thailand, Hong Kong, and Nigeria, the line should look like this:

Save the file and restart the firewall when you are done.

A list of countries and their 2 letter country code can be found at