How to block an entire country from your network

Issue: How to block an entire country from attacking your system, using a Cisco firewall.

Solutions to the issue:

You can block per IP address or per range.

If you need to block just one specific IP address:

access-list acl_out deny ip host 175.45.176.2 any

If you want to block a range:

access-list acl_out deny ip 175.45.176.0 255.255.252.0 any

Since each country is allocated its own ranges of IP addresses, you can decide to block a specific country.

You can find the IP ranges by going to: http://www.countryipblocks.net/

For example, choose Republic democratic of Korea: 175.45.176.0/22

Then, by entering the following in your Cisco firewall configuration:

access-list acl_out deny ip 175.45.176.0 255.255.252.0 any

no one in the Republic democratic of Korea will be able to access your server.

Note that you need to enter the deny access-list entries before the permit access-list entries, as the order matters.
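As an added example (not part of the original article), the Python script below converts a list of CIDR blocks, such as one downloaded from the site above, into deny lines in the syntax shown here. It rejects malformed or misaligned entries and merges adjacent ranges so the ACL stays short. The sample list is constructed, and the function names are hypothetical.

```python
import ipaddress

ACL_NAME = "acl_out"  # ACL name taken from the article's commands

# Constructed sample input; not a real country list.
SAMPLE = """
# one CIDR block or single address per line
175.45.176.0/22       # range used in the article
175.45.175/22         # malformed: only three octets
198.51.100.0/25
198.51.100.128/25     # adjacent to the previous block
192.0.2.10
192.0.2.10            # duplicate entry
"""

def parse_blocks(lines):
    """Return (networks, rejected); rejected holds (entry, reason) pairs."""
    nets, rejected = [], []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not entry:
            continue
        try:
            # strict=True refuses blocks with host bits set,
            # e.g. 175.45.175.0/22 is not a valid /22 boundary.
            nets.append(ipaddress.IPv4Network(entry, strict=True))
        except ValueError as exc:
            rejected.append((entry, str(exc)))
    return nets, rejected

def to_acl(nets, acl=ACL_NAME):
    """Merge overlapping/adjacent networks and emit one deny line each."""
    out = []
    for net in ipaddress.collapse_addresses(nets):
        if net.prefixlen == 32:
            src = "host " + str(net.network_address)
        else:
            src = str(net.network_address) + " " + str(net.netmask)
        out.append("access-list " + acl + " deny ip " + src + " any")
    return out

if __name__ == "__main__":
    networks, bad = parse_blocks(SAMPLE.splitlines())
    for entry, reason in bad:
        print("! skipped " + entry + ": " + reason)
    # Paste these before any permit entries, since order matters.
    print("\n".join(to_acl(networks)))
```

Review the skipped entries before applying the output: a rejected line means part of the list was not blocked.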

Date of last update: 8-3-2010

Author:  Gaetan Barthelemy

 

IPSOFACTO

IPSOFACTO provides Business IT Services in the Pacific States for firms with 5 to 100 computers since 1996.
