Question
Block access in Estonia
- Posted on February 6, 2023
- DigitalOcean Cloud Firewalls
Asked by 709202b6d110481f8f51ae292f2f54
Hello everyone, my website is cazimoon.com currently doing blog and learning more SEO, but now the Estonian market has many people entering SEO Spam comments on my posts, not real people. So what if I want to temporarily block Estonia?
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Get our biweekly newsletter
Sign up for Infrastructure as a Newsletter.
Hollie's Hub for Good
Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.
Become a contributor
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
You can also use third-party providers like CloudFlare that provider Firewall features that allow blocking single IP addresses or whole IP ranges.
Just enter an IP address, an IP range, or a two-letter country code you wish to block. You can check more here:
https://serverpilot.io/docs/how-to-block-ips-with-cloudflare/
Hope that this helps!
Hello,
Blocking entire countries can be useful in some situations, but it should be used cautiously because it may inadvertently block legitimate users. Here’s how you can do it using iptables and CSF (ConfigServer Security & Firewall):
Step 1: Install CSF
First, ensure that CSF is installed on your system. If it’s not, you can install it with the following commands. Note that you should have root privileges to run these commands:
Before you make CSF your primary firewall, test it to make sure it works correctly on your server:
If you see “RESULT: csf should function on this server”, it means CSF is ready to be configured on your server.
Step 2: Configure CSF
To block countries, you will need to configure CSF. Open the CSF configuration file:
Find the line that starts with
CC_DENY. It should look something like this:You can add country codes (in ISO 3166-1 alpha-2 format) to this line to block them. For example, if you want to block China (CN), Russia (RU), and North Korea (KP), you would need to add them to your CC_DENY line.
In your case, the ISO 3166-1 alpha-2 country code for Estonia is EE. To block Estonia, use this line:
After you have made the changes, save and close the file.
Step 3: Restart CSF
To apply the changes, you need to restart CSF:
Note:
Remember, blocking entire countries can have unforeseen consequences and may not be the most effective way to secure your system. It’s generally better to have specific rules based on the behavior you want to prevent. This could involve blocking specific IP addresses or ranges known to be associated with malicious activity, or implementing rate limiting to prevent brute-force attacks.
Also note that the CC_DENY option blocks not only incoming connections, but outgoing as well. If you want to block only incoming connections, use CC_INCOMING_DENY instead. Similarly, to block outgoing connections, use CC_OUTGOING_DENY.