The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to unblock an ip?

Discussion in 'General Discussion' started by groefie, Apr 13, 2005.

  1. groefie

    groefie Active Member

    Joined:
    May 30, 2003
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    6
    Hi,

    one of our trusted customers is blocked by BFD due too much failed logins. No he can't access the server anymore. How do I remove his ip from the block list? I've tried

    iptables -A INPUT -s 84.107.***.* -j ACCEPT

    but that doesn't work... :confused:

    Thanks in advance!

    Gunther.
     
  2. RickG

    RickG Well-Known Member

    Joined:
    Feb 28, 2005
    Messages:
    238
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    North Carolina
    Gunther:

    The correct syntax to remove an entry from the iptables is:

    iptables -D INPUT Line#

    To determine the Line#, run iptables -L and count from the top which entry you want to remove.

    As an example, let's say after running the list you see:

    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    DROP all -- 111.222.333.444 anywhere
    DROP all -- 123.456.789.101 anywhere
    DROP all -- 346.778.123.010 anywhere
    acctboth all -- anywhere anywhere
    etc.

    ... and you want to remove the 123.456.789.101 entry, that would be line 3, or:

    iptables -D INPUT 3
     
    #2 RickG, Apr 13, 2005
    Last edited: Apr 13, 2005
  3. groefie

    groefie Active Member

    Joined:
    May 30, 2003
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    6
    Thanks. :p
     
  4. rootuser

    rootuser Well-Known Member

    Joined:
    Jan 31, 2005
    Messages:
    124
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    ***INDIA***
    One More Doubt If I Want To Open A Particular Dynimic Port To Particular Ip Address , What Is The Command For That.i Mean Through Iptables.
     
  5. Ramsy

    Ramsy Guest

    take a look in /etc/apf/conf.apf ;)
     
  6. rootuser

    rootuser Well-Known Member

    Joined:
    Jan 31, 2005
    Messages:
    124
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    ***INDIA***

    I want to open port 2001 . In /etc/apf/conf.apf i includeds this particular port to IG and EG sections , but it is not working .So i ask. Do u know any other way .T :cool: :cool: hanks!
     
  7. GeekPatrolMille

    GeekPatrolMille Well-Known Member

    Joined:
    Mar 12, 2004
    Messages:
    84
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    McKinney, Texas, USA
    Be certain to reload APF rules when modifying ports

    apf -r

    or

    apf --restart

    They both do the same thing but this will allow the existing tables in APF to be flushed and the new changes to become active

    -greg
     
  8. groefie

    groefie Active Member

    Joined:
    May 30, 2003
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    6

    Problem: this works fine but the day after the ip is in the list again and the customer can't access the server again... Do I have to save something first? :confused:
     
  9. FWC

    FWC Well-Known Member

    Joined:
    May 13, 2002
    Messages:
    354
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Ontario, Canada
    Put their IP in /usr/local/bfd/ignore.hosts or tell them to stop being a dumbass and generating failed logins. :)
     
  10. GeekPatrolMille

    GeekPatrolMille Well-Known Member

    Joined:
    Mar 12, 2004
    Messages:
    84
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    McKinney, Texas, USA
    I was required to remove one entry before from /etc/apf/deny_hosts.rules because of a similar issue. This file is just a simple text file of all the IP and host names you wish to block. Delete the line you want to unblock. Now, if you have some tool in addition to APF which logs entries automatically into the firewall deny list, there may be other files to remove these entries from also but I could not tell you what that may be without more info.

    -greg
     
  11. GeekPatrolMille

    GeekPatrolMille Well-Known Member

    Joined:
    Mar 12, 2004
    Messages:
    84
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    McKinney, Texas, USA
    I agree with the dumbass process described by FWC... This should be applied across all user policy...:) :) :)
     

Share This Page