Expertise level: Medium
iptables is the standard Linux firewall. It is extremely powerful and customizable, but can also be incredibly complex to manage as a result. For this reason, iWeb recommends ConfigServer Security & Firewall (CSF) to manage your iptables configuration. CSF is a simplified interface that makes it easy to add or remove IP addresses from your firewall.
WHM/cPanel has a web interface to manage csf.
To manage csf from within WHM, start by logging in as root.
Search for 'firewall' in the text box to the top left, and click on “ConfigServer Security&Firewall”.
This will open the web interface for configuring CSF.
Most of the options are explained, but to configure a firewall, there are three options that are most important : Quick Allow, Quick Deny, and Quick Ignore. Simply enter the IP address into the coloured box, and click the blue button.
Quick Allow will add an IP address to iptables' allow list. This IP address will be not be blocked by the firewall.
Quick Deny will add an IP address to iptables' deny list. This IP address will be blocked by the firewall.
In the case where an IP address is added to both the allow and deny lists, it will be denied, as the deny list has a higher priority over the allow list.
Quick Ignore is used to manage lfd. Login Failure Daemon (LFD) is a tool that will automatically block IP addresses that make repeated failed attempts to login. Like cPHulk Brute Force Proteection, this is an automatic system to prevent hacking. Add an IP address to Quick Ignore to prevent LFD from blocking it.
When adding an IP address to the allow list, it is highly recommended to add it to the ignore list at the same time.
After completing your changes, be sure to restart the firewall to update the rules.