Issue
How to check that Imunify360 properly adds an IP to the firewall?
Environment
- Imunify360
- Firewall
Solution
Note: When the 3rd Party Integration mode is enabled, all IPs that are blocked by LFD are managed by Imunify360:
When some IP address is blocked by LFD, Imunify360 adds this IP address to its Graylist and then removes it from CSF deny/tempdeny lists. The latter is done to allow the IP to have access to the Captcha and to store all automatically blocked IP addresses in a single place. Thus, no IP is automatically added to CSF deny/tempdeny lists.
To verify that the IP address is properly blocked at the firewall level, use the following steps:
- Choose any graylisted/blacklisted IP address in Imunify360 > Firewall, or using the CLI. Here, as an example, a random IP is added to the blacklist:
# imunify360-agent ip-list local add --purpose drop 192.168.246.90
OK
# imunify360-agent ip-list local list --purpose drop --limit=50000 | grep 192.168.246.90
192.168.246.90 0 US None Manually added on 2022-01-10 06:19:50
Refer to these documentation pages for more details on how to manage lists using Imunify360 CLI:
- On Imunify360-enabled servers, the iptables configuration refers to the ipset lists using the "match-set" directive, which allows redirecting graylisted IP addresses to the CAPTCHA pages and blocking blacklisted IPs:
# iptables -L | grep "match-set i360.ipv4.graylist"
ACCEPT tcp -- anywhere anywhere match-set i360.ipv4.graylist src multiport dports 52223,52224,52227,52228,52229,52230,52231,52232
imunify360_log_gl all -- anywhere anywhere match-set i360.ipv4.graylist src
# iptables -L | grep "match-set i360.ipv4.blacklist"
imunify360_log_bl all -- anywhere anywhere match-set i360.ipv4.blacklist src
imunify360_log_bl all -- anywhere anywhere match-set i360.ipv4.blacklist.custom src
- Make sure that the IP address is included in the corresponding list by specifying the set name and IP address itself:
# ipset test i360.ipv4.blacklist 192.168.246.90
Warning: 192.168.246.90 is in set i360.ipv4.blacklist.
Or find which lists the IP address is included in by using:
# ipset list | grep -e ^192.168.246.90 -e ^Name | grep -B1 ^192.168.246.90
Name: i360.ipv4.blacklist
192.168.246.90 timeout 0
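The two checks above can be combined so that an IP counts as blocked only when it is a member of a set and an iptables rule actually references that set. The script below is an added example, not part of the original article or of Imunify360; the function names, the sample listings and the set name i360.example.unused are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: cross-check ipset membership against iptables match-set rules.

# sets_containing IP: reads `ipset list` output on stdin and prints every set
# whose member entry equals IP exactly (no regex dots, no prefix matches).
sets_containing() {
    awk -v ip="$1" '$1 == "Name:" { name = $2; next } $1 == ip { print name }'
}

# set_is_referenced SET: reads `iptables -L` output on stdin; succeeds only if
# a rule has "match-set SET" with SET as a whole field, so i360.ipv4.blacklist
# is not confused with i360.ipv4.blacklist.custom.
set_is_referenced() {
    awk -v s="$1" '
        { for (i = 1; i < NF; i++) if ($i == "match-set" && $(i + 1) == s) hit = 1 }
        END { exit !hit }'
}

# check_ip IP IPSET_TEXT IPTABLES_TEXT: one line per set that contains IP,
# marked "referenced" or "unreferenced"; prints "none" and returns 1 otherwise.
check_ip() {
    sets=$(printf '%s\n' "$2" | sets_containing "$1")
    [ -n "$sets" ] || { echo "none"; return 1; }
    for s in $sets; do
        if printf '%s\n' "$3" | set_is_referenced "$s"; then
            echo "$s referenced"
        else
            echo "$s unreferenced"
        fi
    done
}

# Constructed, abridged sample listings; i360.example.unused is a hypothetical
# set name used to show a set that no rule points at.
SAMPLE_IPSET='Name: i360.ipv4.blacklist
Members:
192.168.246.90 timeout 0
Name: i360.example.unused
Members:
192.168.246.90 timeout 0'
SAMPLE_IPTABLES='imunify360_log_gl all -- anywhere anywhere match-set i360.ipv4.graylist src
imunify360_log_bl all -- anywhere anywhere match-set i360.ipv4.blacklist src
imunify360_log_bl all -- anywhere anywhere match-set i360.ipv4.blacklist.custom src'

check_ip 192.168.246.90 "$SAMPLE_IPSET" "$SAMPLE_IPTABLES"
# On a server: check_ip 192.168.246.90 "$(ipset list)" "$(iptables -L)"
```

The comparison is an exact string match on member entries, so an address that is only covered by a network (CIDR) entry is not reported; `ipset test` remains the membership check for that case.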