How to add multiple IPs to the Blacklist in Imunify360?

Issue

How to add multiple IPs to the Blacklist.

Environment

• Imunify360

Solution

You can block multiple IP addresses by utilizing an external list.

Reference: https://docs.imunify360.com/features/#external-black-whitelist-management

Here are the steps for blocking IP addresses:

• Make sure that the necessary directory exists:

mkdir -p /etc/imunify360/blacklist

• Create an external list using any name and ".txt" extension. All such files will be combined into the blacklist:

touch /etc/imunify360/blacklist/ext.txt

• Populate the file with IP addresses or subnet addresses with a mask, e.g.:

cat /etc/imunify360/blacklist/ext.txt 
192.168.xxx.xxx
192.168.xxx.0/24

• Reload lists so that changes will be applied:

imunify360-agent reload-lists

An alternative would be using bash:

• Add the list of IP addresses to the file:

cat ip_list
192.168.xxx.xxx
192.168.xxx.xxx

• Then execute the following command:

for i in $(cat ip_list); do imunify360-agent ip-list local add --purpose drop $i --comment "IP from the list"; done

Useful links

https://cloudlinux.zendesk.com/hc/en-us/articles/4411329357586-How-to-add-multiple-IPs-to-the-White-List-in-Imunify360 

https://docs.imunify360.com/features/#external-black-whitelist-management