# UFW - Block entire countries by IPs

If you don't want one explicit or even multiple countries, to connect to your server, you can block all their requests, by using UFW. This will, however, make your UFW status output extremely long, as well as taking some time to set up.

<p class="callout warning">Doing this, is, of course, no guarantee, because it only blocks IPv4 and often enough, attackers mask/spoof their IP anyway. Moreover, this is quite a drastic step to take. You should rather control access on a different level, e.g. using a WAF.</p>

First, you need to download a list of all the IPv4 Subnets, a country has assigned. You can download said list [here](https://www.ip2location.com/free/visitor-blocker "Blocking Lists") and make sure to choose CIDR as output format. After that, simply run the following command (This may take a while)

```bash
cat yourList.txt | awk '/^[^#]/ { print $1 }' | sudo xargs -I {} ufw deny from {} to any
```

To remove all the rules, run

```bash
cat yourList.txt | awk '/^[^#]/ { print $1 }' | sudo xargs -I {} ufw delete deny from {}
```

<div class="page-content" id="bkmrk-"><div class="text-muted text-small">  
</div></div>