The usage of “CC_ALLOW” and “CC_DENY” to allow and deny countries with its country code.
You can refer this from the link How to block countries from server by using csf
If we use the options “CC_DENY” or “CC_ALLOW”, we have to specify the countries code to block or allow access. Here is an alternate option for blocking whole countries except we wants. If you want to allow only one country to your server, you need to specify all country codes in “CC_DENY” to block others. We can done the same by using an alternate CSF directive. CC_ALLOW_FILTER, by using this directive we can block all other countries to server.
# An alternative to CC_ALLOW is to only allow access from the following # countries but still filter based on the port and packets rules. All other # connections are dropped CC_ALLOW_FILTER = ""You can do this by editing the CSF configuration file “/etc/csf/csf.conf“.
1, SSH to server as root.
2, Edit CSF conf:
vi /etc/csf/csf.conf3, Add the countries you want to Allow:
CC_ALLOW_FILTER = "AF,AL,DZ,AS,AD,AO"4, Restart CSF.