How to Find the IP Blocked by the Firewall in WHM?

[ccw]

Hi,

If an IP is blocked by the firewall on the server. How can I know the specific IP address being blocked in the web-based WHM system?

Thanks

 

[GOT]

In plugins, go to ConfigServer Firewall, and click the button for Firewall Deny IPs

 

[ccw]

Hi, I go to "Plugins", but there is only "Add IP to Firewall", no "ConfigServer Firewall"

 

[GOT]

No indication what firewall it is?

In shell you can run

iptables --list --numeric |grep DROP

And that should give you a list of blocked ips regardless of which control software is running.

 

[RoseHosting]

You can run this command:

iptables -nvL | grep 1.2.3.4

Replace 1.2.3.4 with the actual IP address you want to find.

 

[cPanelLauren]

If you're not running a 3rd party firewall like CSF both of the above suggestions will be useful. Please let us know if you need any further help!

Thanks!

 

[DallasClarke]

Hi CpanelLauren,
I have been using CSF for a while now, and I only see 219 IP's blocked.
I am disappointed that CSF is not permanently blocking them.
Firewall Deny IPs, only shows today's blocked IPs.
Where are the rest of the blocked IPs gone?

 

[DallasClarke]

OK I had to go to /etc/csf/csf.conf file and change settings there.
Wont hold any changed settings in cpanel.

Set to 0 to disable limiting
DENY_TEMP_IP_LIMIT = 0
DENY_IP_LIMIT = 0

 

[DallasClarke]

A website like mine has 100's of cyber attacks daily.
Wish CSF was able to handle more IP's instead of reaching a limit then just deleting older IP's in the system.
I would not keep getting attcked if CSF did its job permanently blocking IP's without a limit.
I have changed it to no limit, but I still do not trust CSF to hold up to it, in practice.

 

[DallasClarke]

Looks like CSF settings have disappeared in cpanel after I edited and replaced csf.config
IP LIMITS settings have not changed either.

 

[DallasClarke]

What a piece of rubbish CSF is.
Luckily it has a fix problems button, so I had to reinstall it again.
Wish there is a better alternative than pathetic ConfigServer Firewall.

 

[cPRex]

@DallasClarke - sorry to hear about those issues! When a thread is more than a year old it's likely best to make your own to make sure it gets seen by the most people.

If you are frequently seeing a large number of IPs being blocked, it might be better to block with country codes rather than expand the deny list. I also recommend reaching out to CSF directly through their support team or their forums at ConfigServer Community Forum - Index page to get more specific details on that and interact with their developers.

 

[dbltoe]

@DallasClarke - You did fine with the DENY_IP_LIMIT to zero. However, setting DENY_TEMP_IP_LIMIT to zero turns off the whole process. That's why it wasn't working for you.

Looks like CSF settings have disappeared in cpanel after I edited and replaced csf.config
IP LIMITS settings have not changed either.

"Enable login failure detection daemon (lfd). If set to 0 none of the
following settings will have any effect as the daemon won't start. "