ConfigServer Security & Firewall (CSF) is the default firewall installed on Janhost Web Server. If you suspect a client or customer's IP address has been blocked by the firewall, you can resolve the issue easily in WHM and the ConfigServer Firewall. CSF is managed through WebHost Manager (WHM), this tutorial will take you through how to unblock and whitelist IPs.
CSF is found in the Plugins section of the WHM home page. Once you click on the Plugin icon, you can select ConfigServer Security & Firewall. This will open the options within the firewall and allow you to block, unblock and whitelist IP addresses and much more.
Unblocking an IP Address using WHM
- Once you are on the home page of CSF, navigate to the Search for IP section.
- Enter the IP you suspect is being blocked and click Search for IP.
- If the IP is blocked, it will show and the reason why it is blocked will be given.
- Click on the green Unblock button to unblock the IP.
- A confirmation that the IP has been unblocked will show.
Unblock using Command Line for Linux
Once you log into your server via command line (SSH), you can unblock an IP via CSF.
- First, you will need to know if the IP address is permanently blocked or only temporarily blocked. To do that, run the following command:
csf -g 192.0.2.0
The output should look like this for a permanent block:Chain num pkts bytes target prot opt in source destination DENYIN 200 0 0 DROP ;all -- !lo * 192.0.2.0 0.0.0.0/0 DENYOUT 200 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 192.0.2.0 ip6tables: Chain num pkts bytes target prot opt in out source destination No matches found for 192.0.2.0 in ip6tables csf.deny: 192.0.2.0 # Manually denied: 192.0.2.0 (-/-/-) - Mon Feb 20 10:25:05 2017
If it is temporarily denied, the output will look like this:Chain num pkts bytes target prot opt in out source destination ALLOWIN 1 0 0 ACCEPT all -- !lo * 192.0.2.0 0.0.0.0/0 ALLOWOUT 1 0 0 ACCEPT all -- * !lo 0.0.0.0/0 192.0.2.0 DENYIN 200 0 0 DROP all -- !lo * 192.0.2.0 0.0.0.0/0 ip6tables: Chain num pkts bytes target prot opt in out source destination No matches found for 192.0.2.0 in ip6tables csf.allow: 192.0.2.0 # Manually allowed: 192.0.2.0 (-/-/-) - Mon Feb 20 10:28:21 2017 Temporary Blocks: IP:192.0.2.0 Port: Dir:in TTL:30 (Manually added: 192.0.2.0 (-/-/-))
- To remove a permanent IP block, use the following command:
csf -dr 192.0.2.0
The output will show that the IP was successfully unblocked:Removing rule... DROP all opt -- in !lo out * 192.0.2.0 -> 0.0.0.0/0 LOGDROPOUT all opt -- in * out !lo 0.0.0.0/0 -> 192.0.2.0
- To remove a temporary IP block, you can wait until the time is up, or run the following:
csf -tr 192.0.2.0
The output will notify you that the temporary block has been removed:csf: 192.0.2.0 temporary block removed csf: There are no temporary IP allows
