Saudi Arabia IP Address Ranges — A Practical Cybersecurity Guide (Free List)

Every device on the internet has a public IP address, and those addresses are handed out to countries by Regional Internet Registries. For Saudi Arabia the registry is RIPE NCC. Saudi-registered address space currently spans 585 IPv4 blocks (about 11.2 million addresses), 124 IPv6 blocks, and 200 autonomous systems (ASNs) operated by providers such as STC, Mobily and Zain. Knowing exactly which ranges belong to Saudi Arabia is a simple, powerful building block for defensive cybersecurity — and this guide gives you the full, up-to-date list for free.

Download the Saudi IP list (free)

• saudi-ipv4-cidr.txt — 585 IPv4 ranges in CIDR notation, one per line
• saudi-ipv6-cidr.txt — 124 IPv6 ranges
• saudi-asn.txt — 200 Saudi autonomous-system numbers
• saudi-ip-ranges.csv — every range with first IP, last IP and size
• saudi-ip-ranges.json — machine-readable metadata and source

Source: RIPE NCC delegated statistics (the official registry for the region), retrieved 24 June 2026. Allocations change over time, so re-download every few months to stay current.

Why a Saudi IP list helps your security

• Geo-allowlisting. If only staff inside Saudi Arabia should reach an admin panel, VPN, RDP, database or office router, allow the Saudi ranges and drop everything else. This instantly removes the overwhelming majority of automated foreign attacks and brute-force bots.
• Smaller attack surface. Restricting sensitive services to one country shrinks who can even attempt a connection.
• Anomaly detection. A login to a Saudi business account from outside these ranges is worth a second look or a step-up challenge.
• Data-residency awareness. Helps you reason about where traffic originates when meeting PDPL / SDAIA and sector expectations.

How to use it — copy-paste examples

Linux: ipset + iptables (allow Saudi only on SSH)

sudo ipset create saudi hash:net
while read cidr; do sudo ipset add saudi "$cidr"; done < saudi-ipv4-cidr.txt
sudo iptables -A INPUT -p tcp --dport 22 -m set --match-set saudi src -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -j DROP

nftables

nft add table inet filter
nft add set inet filter saudi { type ipv4_addr\; flags interval\; }
# load the CIDRs from saudi-ipv4-cidr.txt into @saudi, then:
nft add rule inet filter input tcp dport 22 ip saddr @saudi accept
nft add rule inet filter input tcp dport 22 drop

Nginx (allow only Saudi IPs on /admin)

geo $sa_ok {
    default 0;
    # paste each line as:  2.88.0.0/14 1;
    include /etc/nginx/saudi-ip.conf;
}
server {
    location /admin {
        if ($sa_ok = 0) { return 403; }
    }
}

Cloudflare

Security → WAF → create a custom rule: when Country does not equal Saudi Arabia (SA) and the URI path starts with /admin, action Block. Cloudflare maintains the country mapping for you, so you do not need to paste the list.

Windows / fail2ban

On Windows Server use Windows Firewall with Advanced Security to add a rule scoped to the Saudi ranges (import the CSV). With fail2ban, keep IP banning for abuse and add a Saudi-only allowlist on the service itself for defence in depth.

Important honesty caveats — read before you block

• IP geolocation is approximate. A registry country tells you where a block is registered, not always where the user physically is.
• Some Saudi-registered ranges are datacentres or VPN exit nodes. Traffic from them is not necessarily a person in Saudi Arabia.
• Real Saudi users can appear foreign. International roaming, global cloud, and CDNs can make a genuine local user look like they are abroad.
• Never use IP location as your only control. Combine it with strong passwords, multi-factor authentication, and logging. Allowlist Saudi IPs for sensitive admin access — do not put it in front of a public website where it would block legitimate visitors.
• Log first, then enforce. Run in monitor mode before you start dropping traffic, so you catch any legitimate non-Saudi access you depend on (partners, monitoring services, your own cloud).

Need help deploying this safely?

Skyline's cybersecurity engineers implement geo-aware firewall policies, conditional-access rules and anomaly detection without locking out your real users. Explore our cybersecurity services or talk to our team.