Issue
Imunify360 introduces a new feature that allows IP-specific whitelisting for DENY/All close except specified mode. This feature:
enables administrators to selectively allow certain IP addresses or subnets to access designated ports while keeping all other traffic blocked;
provides more granular control over server security and access management.
Environment
- Imunify360
- Firewall
Solution
1. Ensure DENY mode is enabled either via the Imunify360 UI or by setting the port_blocking_mode parameter in the configuration file.
2. Whitelisted IPs and ports are managed in the directory:
/etc/imunify360/whitelist/ports/You can create a file such as:
touch /etc/imunify360/whitelist/ports/whitelist.txt3. Add your entries in the following format:
<port>:[<protocol>: TCP|UDP|ALL]:<IP|NET>...Protocol is optional; default is
ALL.Multiple IPs/subnets can be separated by commas.
-
Currently, only IPv4 addresses are supported.
This example allows the IP 203.0.113.1 to access the cPanel port 2083 over TCP:
2083:TCP:203.0.113.1After you save the file, Imunify360 will apply the changes automatically within about 30 minutes. If you want the update to take effect immediately, toggle DENY mode off and then back on.
4. To verify the active whitelist entries, you can use:
ipset list i360.ipv4.ports-ips-tcp
ipset list i360.ipv4.ports-ips-udpThis will show the IPs/subnets and the ports they are allowed to access.
Useful links
https://blog.imunify360.com/beta-imunify360-firewall-module-v7.8
Comments
0 comments
Please sign in to leave a comment.