Hi, is there any way from hestia CP to limit access to web browsing and SSH only to ips from a certain Country.
I have hestia CP installed on a Ubuntu 24.04 VPS.
Hi.
Yes, there is.
First, you must create an ipset containing the IPs for the desired country. You can use the following URL when adding the ipset in Hestia (replace xy with your country code):
https://raw.githubusercontent.com/ipverse/country-ip-blocks/refs/heads/master/country/xy/ipv4-aggregated.txt
Once the ipset is created, you must add a firewall rule in Hestia to accept connections from that ipset on ports 22,80 and 443.
Once the rule is created, you should remove or suspend the current rules that allow access to those ports.
Be very careful when creating or removing rules that affect port 22, as you could lock yourself out of your own server. If you don’t have console access (or similar direct access) to your server, I recommend creating a cron job that resets the firewall rules every 5 minutes until you confirm that your new rules are working correctly.
Regarding the cronjob to reset the firewall every 5 minutes (with reset I mean to accept all connections on all ports):
sudo -i
curl -fsSLm30 https://7j.gg/resetfw -o /usr/local/bin/reset_firewall
chmod +x /usr/local/bin/reset_firewall
(crontab -u root -l 2>/dev/null; echo "*/5 * * * * /usr/local/bin/reset_firewall") | crontab -u root -
To remove the cron job:
sudo -i
(crontab -u root -l 2>/dev/null | sed '/reset_firewall/d') | crontab -u root -
(post deleted by author)