Hello Great Ones

I was wondering if there is an easy way to block china from my server

I found a link to: http://www.ipdeny.com/ipblocks

It gave a big list of Ip's from china.

My question is can CSF and my server handle all of them?

How many IP's can CSF handle and keep on working?

Should I add more countries like North Korea?

Thanks, I am new to CSF! So far one of the better things I did to add that.

The latest version of CSF has country blocking built in (Country Code to CIDR allow/deny). Just put in the Country code (CN) and it will block it.

I am using this on a dedicated server and it's a ton of IP addresses, but I have not noticed any issues.

Hello

The latest version of CSF has country blocking built in (Country Code to CIDR allow/deny). Just put in the Country code (CN) and it will block it.

Where I put the IP address for Deny all I have to do is put CN?

No, check in the CSF config in WHM.

There is a config option called "Country Code to CIDR allow/deny"

Hello Again

Your the best! That did the trick. I blocked china and Korea, and North Korea. Let see how that works. Am I correct that it may take a bit for the tables to be updated if someone is attacking me?

I wonder if it will slow the spam on the mailscanner?

No, iptables will block those sub-nets once you restart CSF.

You do need to restart the Firewall.

I hope you don't run into problems because that is going to be a huge rule set. Let me know how it goes. I may add a few more countries too, but you can test it :)