SOLVED Host Access Control not working

Operating System & Version
AlmaLinux v8.7
cPanel & WHM Version
106.0.13

tom9909

Registered
Jan 11, 2023
4
0
1
Australia
cPanel Access Level
Root Administrator
Hi everyone,

We have a new cPanel DNSOnly installation (AlmaLinux v8.7) and have configured host access control to only accept traffic on specific ports, however the rules aren't applying and the server is accessible outside of the IP exclusions configured.

The configuration is:
#   Port  Source IP            Protocol  Action
2   22    IP address redacted  tcp       ACCEPT
3   22    IP address redacted  tcp       ACCEPT
4   22    IP address redacted  tcp       ACCEPT
6   22    IP address redacted  tcp       ACCEPT
7   22    ALL                  tcp       REJECT
9   2087  IP address redacted  tcp       ACCEPT
10  2087  IP address redacted  tcp       ACCEPT
11  2087  IP address redacted  tcp       ACCEPT
12  2087  IP address redacted  tcp       ACCEPT
13  2087  ALL                  tcp       REJECT

When I check /etc/sysconfig/nftables.conf the rules are listed in the 'table inet filter' section.

Have I misunderstood something with regards to AlmaLinux and Host Access Control?

Thanks
 

tom9909

Hey there! That certainly looks right, and follows the details outlined at Host Access Control | cPanel & WHM Documentation

If you run this command on the system, does it properly return your rules?

Code:
nft -a list chain inet filter cPanel-HostAccessControl
Yes the rules exist. I can however SSH and access the web GUI from IPs that aren't approved.
 


tom9909

Thanks for the additional details. This is one of those things that should "just work" so could you open a ticket with our team so we can take a look at this directly on the machine?
Thank you for confirming I wasn't doing something incorrectly :) I've raised a support case #94520897 for further investigation. Cheers
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
14,252
2,219
363
cPanel Access Level
Root Administrator
Thanks for that - it looks like we were able to reset the Host Access Control tools by running "/usr/local/cpanel/scripts/configure_firewall_for_cpanel" - after doing that, we tested things as working properly in the ticket.
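
The thread does not say why the listed rules were not being enforced. As an added example (not from the thread and not cPanel's code), here is one generic nftables check for the symptom described: rules in a regular chain are only evaluated when a base chain with a hook jumps to it, so a populated chain can exist without filtering anything. The INPUT chain name, the address 203.0.113.10 and both sample rulesets are constructed assumptions; the layout cPanel actually generates is not shown on the page.

```shell
# Added example, not cPanel's code. Reads `nft list ruleset` text on stdin and
# succeeds only if chain $3 of table "$1 $2" is reachable, via plain jump/goto
# rules, from a base chain hooked on input (verdict maps are not followed).
chain_reachable() {
    awk -v key="$1 $2 $3" '
        $1 == "table" { table = $2 " " $3; next }
        $1 == "chain" { chain = table " " $2; next }
        $1 == "}"     { chain = ""; next }   # end of a chain or of the table
        chain == ""   { next }
        /hook input/  { base[chain] = 1 }    # base chain attached to input
        {
            for (i = 1; i < NF; i++)         # record jump/goto edges
                if ($i == "jump" || $i == "goto")
                    edge[chain, table " " $(i + 1)] = 1
        }
        END {
            for (c in base) seen[c] = 1
            do {                             # propagate until nothing new
                grew = 0
                for (e in edge) {
                    split(e, p, SUBSEP)
                    if ((p[1] in seen) && !(p[2] in seen)) { seen[p[2]] = 1; grew = 1 }
                }
            } while (grew)
            exit !(key in seen)              # exit 0 when reachable
        }'
}

# Constructed sample: the chain holds rules but no base chain jumps to it.
ORPHANED='table inet filter {
    chain cPanel-HostAccessControl {
        ip saddr 203.0.113.10 tcp dport 22 accept
        tcp dport 22 reject
    }
    chain INPUT {
        type filter hook input priority filter; policy accept;
    }
}'
# Constructed sample: the same chain, referenced from the input hook.
WIRED='table inet filter {
    chain cPanel-HostAccessControl {
        tcp dport 22 reject
    }
    chain INPUT {
        type filter hook input priority filter; policy accept;
        jump cPanel-HostAccessControl
    }
}'
```

On a live host, run `nft list ruleset | chain_reachable inet filter cPanel-HostAccessControl` as root; a non-zero exit status means the chain's rules are never evaluated for inbound traffic.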