Add a country to UFW

First, get a list of IP address of a region you wish to block. One website that provides this is:

The list will look something like the following, with ranges in CIDR format one on a line. Save as say, country-usa.cidr. The list will look like the following

Next, run the command below to generate a file that is compatible with UFW rules. Inserting one by one using the command line ‘ufw insert …’ will take too long. 

Then open (as root) the file /etc/ufw/user.rules and insert the file usa.allow right after the line that reads ‘### RULES ###’

After saving the file, reload ufw with

Leave a Reply