How to check that Imunify360 properly adds an IP to the firewall?
Note: When the 3rd Party Integration mode is enabled, all IPs that are blocked by LFD are managed by Imunify360:
When an IP address is blocked by LFD, Imunify360 adds this IP address to its Graylist and then removes it from the CSF deny/tempdeny lists. The latter is done to allow the IP to have access to the Captcha and to store all automatically blocked IP addresses in a single place. Thus, no IP is automatically added to the CSF deny/tempdeny lists.
To verify that the IP address is properly blocked at the firewall level, use the following steps:
Choose any graylisted/blacklisted IP address in Imunify360 > Firewall, or by using the CLI.
Here, as an example, a random IP is added to the blacklist:
# imunify360-agent blacklist ip add 192.168.246.90
# imunify360-agent blacklist ip list --limit=50000 | grep 192.168.246.90
192.168.246.90 0 US None Manually added on 2022-01-10 06:19:50
Refer to these documentation pages for more details on how to manage lists using Imunify360 CLI:
On Imunify360-enabled servers, the iptables configuration refers to the ipset lists using the "match-set" directive, which allows redirecting graylisted IP addresses to the CAPTCHA pages and blocking blacklisted IPs:
# iptables -L | grep "match-set i360.ipv4.graylist"
ACCEPT tcp -- anywhere anywhere match-set i360.ipv4.graylist src multiport dports 52223,52224,52227,52228,52229,52230,52231,52232
imunify360_log_gl all -- anywhere anywhere match-set i360.ipv4.graylist src
# iptables -L | grep "match-set i360.ipv4.blacklist"
imunify360_log_bl all -- anywhere anywhere match-set i360.ipv4.blacklist src
imunify360_log_bl all -- anywhere anywhere match-set i360.ipv4.blacklist.custom src
Make sure that the IP address is included in the corresponding list by specifying the set name and the IP address itself:
# ipset test i360.ipv4.blacklist 192.168.246.90
Warning: 192.168.246.90 is in set i360.ipv4.blacklist.
Or find which lists include the IP address by using:
# ipset list | grep -e ^192.168.246.90 -e ^Name | grep -B1 ^192.168.246.90
192.168.246.90 timeout 0
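The lookup above can also be scripted. The following is an added example, not part of the original article or of Imunify360's tooling: it parses `ipset list` output and names every set that covers an address, going beyond the exact-entry grep by also matching network (CIDR) entries. The function names and the sample set contents are assumptions made for illustration.

```bash
# Added example (not Imunify360 code): report which ipset sets cover an IPv4
# address, as an exact entry or through a network (CIDR) entry.

# Reads `ipset list` output on stdin; $1 is the address to look up.
sets_covering_ip() {
    awk -v ip="$1" '
        # Dotted quad to number; -1 when the text is not an IPv4 address.
        function to_num(s,   o) {
            if (s !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) return -1
            split(s, o, ".")
            return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        }
        BEGIN { target = to_num(ip) }
        /^Name: /   { name = $2; in_members = 0; next }
        /^Members:/ { in_members = 1; next }
        in_members && NF {
            # Member lines look like "ADDR[/PREFIX] timeout N".
            n = split($1, part, "/")
            net = to_num(part[1])
            if (net < 0 || target < 0) next
            if (n == 2 && part[2] !~ /^[0-9]+$/) next
            # Size of the address block the entry spans (1 for a single IP).
            block = 2 ^ (32 - (n == 2 ? part[2] : 32))
            if (int(net / block) == int(target / block) && !seen[name]++) print name
        }
    '
}

# Constructed sample in `ipset list` format (header lines trimmed, entries invented).
sample_ipset_list() {
cat <<'EOF'
Name: i360.ipv4.graylist
Members:
192.168.246.9 timeout 3541
192.168.24.90 timeout 120

Name: i360.ipv4.blacklist
Members:
192.168.246.90 timeout 0

Name: i360.ipv4.blacklist.custom
Members:
192.168.246.0/24 timeout 0
EOF
}

# Demo: prints i360.ipv4.blacklist and i360.ipv4.blacklist.custom
sample_ipset_list | sets_covering_ip 192.168.246.90
```

On a server, feed it live data with `ipset list | sets_covering_ip 192.168.246.90`; `ipset test` remains the authoritative check for a single set.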