How do I white list U.S. IP addresses using ASNs or an easier method to block all international traffic?

Hello Linode,

I am trying to ward off all international traffic for my WordPress site. I heard the best way to accomplish this task is at the network layer.

How would I be able to use iptables to white list U.S. IP addresses? I know the U.S. alone has more than 1 billion addresses. Due to the voluminosity, can I use ASNs instead or another method without the task being too cumbersome?

Thanks in advance. Your prompt response is always appreciated!


First off, I want to let you know that country IP allocations are not 100% perfect, nor are geolocation databases. This just means that no matter how the database or list is created, it won't cover absolutely everything, and should not be relied upon for security.

I was able to find the following website which will automatically create the access control list based on your preferred format and country selection:

You can find lists of IP ranges by country on websites such as the following:

Furthermore, the following article may be helpful in importing large lists of ranges into iptables:

As an aside, blocking traffic from all non-US IP addresses may be a VERY long list, which would impact performance as each connection would need to be checked against the entire list. I would suggest denying all connections by default, and allowing only US IP addresses in, just for the sake of less work to do.

Hi jgreen,

Thanks for the advice and links.

Even if I whitelist US IP addresses, given there are more than a billion addresses, wouldn't it still impact performance?
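
An added example, not part of the original thread: one way to keep a large country allow list cheap to evaluate is to collapse the ranges and load them into an ipset `hash:net` set, so iptables performs one set lookup per packet instead of walking one rule per range. Using ipset, the set name `allow_us`, the sample ranges (documentation networks) and the restriction to ports 80/443 are all assumptions of this example.

```python
import ipaddress

# Constructed sample input: documentation ranges standing in for a downloaded
# per-country CIDR list (one network per line, '#' comments allowed).
SAMPLE_LIST = """\
# constructed sample, not real US allocations
192.0.2.0/25
192.0.2.128/25
198.51.100.0/24
198.51.100.64/26
203.0.113.0/24
not-a-network
"""

def parse_cidrs(text):
    """Return (networks, rejected_lines); anything that is not a valid IPv4 CIDR is rejected."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            nets.append(ipaddress.IPv4Network(line, strict=True))
        except ValueError:
            rejected.append(line)  # never pass unvalidated text on to ipset
    return nets, rejected

def build_ipset_restore(nets, set_name="allow_us"):
    """Merge adjacent/overlapping ranges, then emit input for `ipset restore -exist`."""
    collapsed = list(ipaddress.collapse_addresses(nets))
    lines = [f"create {set_name} hash:net family inet maxelem {max(65536, 2 * len(collapsed))}"]
    lines += [f"add {set_name} {net}" for net in collapsed]
    return collapsed, "\n".join(lines) + "\n"

def iptables_rules(set_name="allow_us", ports=(80, 443)):
    """Allow the set on the web ports and drop everything else on those ports (assumed scope)."""
    dports = ",".join(str(p) for p in ports)
    return [
        "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        f"iptables -A INPUT -p tcp -m multiport --dports {dports} -m set --match-set {set_name} src -j ACCEPT",
        f"iptables -A INPUT -p tcp -m multiport --dports {dports} -j DROP",
    ]

if __name__ == "__main__":
    nets, rejected = parse_cidrs(SAMPLE_LIST)
    collapsed, restore = build_ipset_restore(nets)
    print(f"# {len(nets)} ranges in, {len(collapsed)} after collapsing, {len(rejected)} rejected")
    print(restore, end="")
    print("\n".join(iptables_rules()))
```

The generated rules leave SSH and other ports untouched, so a gap in the country list cannot lock you out of the server.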



