The following procedure can be used to block IP addresses with the ConfigServer Firewall plugin in WHM.
IMPORTANT
ConfigServer Firewall software is not created by, provided by, or supported by cPanel. The following information is provided as a courtesy only, and cPanel support cannot provide assistance with performing the procedure outlined below. If you need assistance with configuring your ConfigServer Firewall, please reach out to ConfigServer support, or make use of the ConfigServer forums.
Also please keep in mind that it is possible to completely block yourself and others from accessing your server by editing firewall rules. Before making any changes to the firewall, you must confirm that you have console access to the server, meaning that you have the ability to connect to the server even if the server’s network is completely down or blocked. If you’re not sure how to do this, you must reach out to your hosting provider or datacenter for assistance with getting console access. cPanel support has no ability to assist with console access or firewall-related issues.
Procedure
To block a single IP address:
1. Login to WHM as the root user
2. Navigate to: Home »Plugins »ConfigServer Security & Firewall
3. Scroll down to: “csf – Quick Actions”
4. Enter the IP that you need to block in the pink box
5. Click “Quick Deny”
If you have more complex blocking requirements:
1. Login to WHM as the root user
2. Navigate to: Home »Plugins »ConfigServer Security & Firewall
3. Scroll to: “csf – ConfigServer Firewall”
4. Click the “Firewall Deny IPs” button
5. Review the configuration in full and review the comments to learn about the file
6. Take note that the comments mention that you can learn more by reading the /etc/csf/readme.txt file on the server
7. Next add your desired rule to the configuration. The following are some examples from the readme.txt.
NOTE: One thing that is not mentioned below is the fact that you can use CIDR notation to block a range of IP addresses. If you are unsure how to implement CIDR notation in this configuration, please reach out to the ConfigServer Forums or ConfigServer Support for advice. cPanel support does not have access to a reliable example of what blocking a range exactly looks like in this configuration.
/etc/csf/readme.txt
10. Advanced Allow/Deny Filters
###############################
In /etc/csf/csf.allow and /etc/csf/csf.deny you can add more complex port and
ip filters using the following format (you must specify a port AND an IP
address):
tcp/udp|in/out|s/d=port|s/d=ip|u=uid
Broken down:
tcp/udp : EITHER tcp OR udp OR icmp protocol
in/out : EITHER incoming OR outgoing connections
s/d=port : EITHER source OR destination port number (or ICMP type)
(use a _ for a port range, e.g. 2000_3000)
(use a , for a multiport list of up to 15 ports, e.g. 22,80,443)
s/d=ip : EITHER source OR destination IP address
u/g=UID : EITHER UID or GID of source packet, implies outgoing connections,
s/d=IP value is ignored
Note: ICMP filtering uses the "port" for s/d=port to set the ICMP type.
Whether you use s or d is not relevant as either simply uses the iptables
--icmp-type option. Use "iptables -p icmp -h" for a list of valid ICMP types.
Only one type per filter is supported
Examples:
# TCP connections inbound to port 3306 from IP 11.22.33.44
tcp|in|d=3306|s=11.22.33.44
# TCP connections outbound to port 22 on IP 11.22.33.44
tcp|out|d=22|d=11.22.33.44
Note| If omitted, the default protocol is set to "tcp", the default connection
direction is set to "in", so|
# TCP connections inbound to port 22 from IP 44.33.22.11
d=22|s=44.33.22.11
# TCP connections outbound to port 80 from UID 99
tcp|out|d=80||u=99
# ICMP connections inbound for type ping from 44.33.22.11
icmp|in|d=ping|s=44.33.22.11
# TCP connections inbound to port 22 from Dynamic DNS address
# www.configserver.com (for use in csf.dyndns only)
tcp|in|d=22|s=www.configserver.com
# TCP connections inbound to port 22,80,443 from IP 44.33.22.11
d=22,80,443|s=44.33.22.11
8. Once you have added your desired rules, click on the “Change” button at the bottom of the page
cPanel. “How to Block IPs with ConfigServer Firewall in WHM,” February 20, 2021. https://support.cpanel.net/hc/en-us/articles/1500002973762-How-to-block-IPs-with-ConfigServer-Firewall-in-WHM.
Make sure to check out our social media to keep track of the latest content.
Instagram - @nyongesasande
Twitter - @nyongesasande
Facebook - Nyongesa Sande
YouTube - @nyongesasande
Disclaimer: The information that Nyongesasande.com provides on this website is obtained from publicly available resources and is intended for information or educational purposes only. We aim to present the most accurate information possible. Through this website, you might link to other websites which are not under our control. We have no control over the nature, content and availability of those websites. Inclusion of any links does not necessarily imply a recommendation or endorsement of the views expressed within them. All content on this website is copyright to the website’s owner and all rights are reserved. We take no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control. Please refer to our terms and conditions and privacy policy before using this website.