This guide explains how to whitelist or blacklist entire countries in cPFence. You can manage these settings either through the command line or by editing the configuration file, which is useful for deploying bulk settings across multiple servers.
Tip: You can find the correct ISO codes at ISO 3166-1 alpha-2.
Part 1: From CLI ( Command Line Interface )
Whitelist a Country
To add a country to the whitelist, use the following command:
cpfence --whitelist-country ISOCODE
Replace ISOCODE with the two-letter ISO code of the country, e.g., us for the United States.
Blacklist a Country
To add a country to the blacklist, use the following command:
cpfence --blacklist-country ISOCODEReplace ISOCODE with the two-letter ISO code of the country, e.g., cn for China.
Remove Country from Whitelist
To remove a country from the whitelist, use the following command:
cpfence --del-whitelist-country ISOCODEReplace ISOCODE with the ISO code of the country, e.g., us.
Remove Country from Blacklist
To remove a country from the blacklist, use the following command:
cpfence --del-blacklist-country ISOCODEReplace ISOCODE with the ISO code of the country, e.g., cn.
Part 2: From Configuration File
For bulk country settings deployment across multiple servers, you can edit the configuration file directly. This method is useful for configuring block or whitelist settings on several servers simultaneously. Simply edit the configuration file, overwrite it on all your servers, and then run the command cpfence --restart. That's all you need to do.
Editing the Configuration File:
Blocked Countries:
Add the ISO codes of the countries you want to block under the line
# BLOCKED COUNTRIES : (DO NOT DELETE THIS LINE! - Your blocked countries should go below this line).
For example:
BLOCKED_COUNTRY=cn
BLOCKED_COUNTRY=ru
Whitelisted Countries:
Add the ISO codes of the countries you want to whitelist under the line
# WHITELISTED COUNTRIES : (DO NOT DELETE THIS LINE! - Your whitelisted countries should go below this line).
For example:
WHITELISTED_COUNTRY=us
WHITELISTED_COUNTRY=fr
Applying Changes:
After editing the configuration file, You must restart the cPFence service to apply the changes:
cpfence --restart
------------
Important Notes
- Managing countries via the command line is recommended as it automatically updates the corresponding files.
- Only use the edit configuration file method on new servers or servers where you're okay with resetting the IP settings.
- Whitelisted countries will bypass all IPDB/DDoS protections, so whitelist with caution.
