wiki:firewall

Differences

This shows you the differences between two versions of the page.

wiki:firewall [2023/08/15 22:45] guidebeaconwiki:firewall [2023/10/05 19:29] (current) guidebeacon
Line 29: Line 29:
 To remove an IP from the whitelist, just click delete from the same interface. To remove an IP from the whitelist, just click delete from the same interface.
  
-Additionally, IPs added to the whitelist may be included as administratively allowed IPs in nftables by the ''/etc/cron.daily/update_firewall.sh'' script.+Do not forget to update the firewall by running the script: ''/etc/cron.daily/update_firewall.sh'' 
 + 
 +The script runs daily, but running it now will immediately update the firewall. 
 + 
 +**Do not forget to add the IP to each of the 2 accounts, master on chost and beacontechnology on kingscpw01.** 
 + 
 +[[wiki:firewall#allowing_ips_to_locked_down_cpanel_accounts|Click here to learn more]]
  
 ==== Blacklist Management ==== ==== Blacklist Management ====
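Review bot: The replacement for the removed sentence tells the reader to run ''/etc/cron.daily/update_firewall.sh'' but no longer says what the script does with the whitelist; the old text explained that whitelisted IPs may be included as administratively allowed IPs in nftables. Keep that explanation as a clause so the reason for running the script is clear. The bold line about adding the IP to "master on chost and beacontechnology on kingscpw01" should say in which interface those two accounts are edited, and the link text "Click here to learn more" would read better if it named its target, the section on allowing IPs to locked down cpanel accounts.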
Line 41: Line 47:
   - Search for the IP in question, if the IP is unknown, ask the user to go to: ipecho.net and read the IP back.   - Search for the IP in question, if the IP is unknown, ask the user to go to: ipecho.net and read the IP back.
   - When the record is located, click "Delete"   - When the record is located, click "Delete"
 +
 +==== Troubleshooting ====
 +
 +It may  be the case that sometimes the script gives an error for various reasons, here are some steps to try to fix it:
 +
 +  - Try rebooting server
 +  - Try making a change in cpHulk like adding/removing an IP and trying again
 +  - Try this command: ''nft flush set inet filter ccblockset'' and try again
 +  - try this command: WARNING, may result in getting locked out, add your IP to ''/etc/sysconfig/nftables.conf'' before proceeding... ''nft flush set inet filter adminwhitelist''
  
 ===== Host Access Control ===== ===== Host Access Control =====
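Review bot: In the last troubleshooting item the lockout warning sits on the same line as the command it guards, after "try this command:", so a reader copying from the list can miss it. Make adding your own IP to ''/etc/sysconfig/nftables.conf'' a separate numbered step before ''nft flush set inet filter adminwhitelist'', and end that item with "and try again" like the ccblockset item, since a flush removes every element from the set. Consider ordering the list from least to most disruptive, which would move "Try rebooting server" below the cpHulk change, and naming the error the script prints so readers know when these steps apply.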
Line 123: Line 138:
 echo firewall was successfully updated echo firewall was successfully updated
 </code> </code>
 +
 +===== Allowing IPs to locked down cpanel accounts =====
 +
 +On some accounts, there is htaccess that whitelists IPs for extra security.
 +
 +The htaccess is normally at: ''/home/username/public_html/.htaccess''
 +
 +The area you are looking for looks something like this:
 +
 +<code>order allow,deny
 +allow from xxx.xxx.xxx.xxx
 +allow from xxx.xxx.xxx.xxx
 +allow from xxx.xxx.xxx.xxx
 +allow from xxx.xxx.xxx.xxx</code>
 +
 +Just add a similar new entry below the last one in the list
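Review bot: The closing instruction "Just add a similar new entry below the last one in the list" leaves the exact line to the reader; spell it out as "allow from" followed by the new IP, and say that with "order allow,deny" any address not listed is denied, so a typo in the entry keeps the user locked out. The Order and Allow directives in the code block are the older access-control syntax that Apache 2.4 supports only through mod_access_compat, so it is worth recording which Apache version these accounts run. The "username" in the path should also be marked as a placeholder for the cPanel account name.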
wiki/firewall.1692139557.txt.gz · Last modified: 2023/08/15 22:45 by guidebeacon
