Cisco Blogs

Block a Country with my Cisco Router or Firewall

February 15, 2012 - 2 Comments

Hi everyone. Starting this week, every Wednesday we are going to highlight a special security or wireless blog to round out our Borderless Networks theme. Today, we have a real treat for you with this security blog by Panos Kapanakis.  Here’s a nugget to pique your interest. Use the link to click through for more.


We are often asked by customers about how they can prevent traffic from a certain country (let’s say country X) from entering their network. The motivations for doing this could vary. Sometimes a company does not do business with all countries in the world; therefore, the company doesn’t need to be accessible from all countries. Other times it is an issue of trust and security, where an administrator may not want to allow country X to enter their infrastructure. Finally, there are cases where country X has often been incriminated with malicious activity, so an administrator may want to block country X when there is no need for the organization to interact with this country. In this document I present a methodology on how to write a tool that provides the configuration lines to block country X, using your IOS router or ASA/ASASM firewall.

Read complete blog.

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.


  1. Well, I agree with the point and in my opinion there are a few countries where lucrative markets exist so blocking the communication with other countries of little business value may not only improve security of network systems while indirectly will enhance the productivity through improvement in work flow.

    • That is a good point Usman. One more reason network admins might want to block a country.