Vesta Control Panel - Forum

Add/remove IP address to firewall

bobmeetin
Posts: 16
Joined: Tue Apr 10, 2018 3:52 pm

Os: CentOS 6x
Web: apache + nginx
Add/remove IP address to firewall

Post by bobmeetin » Sun Sep 29, 2019 10:24 pm

Either through the control panel or command line (CLI?) or both, what are the procedures to add or remove an IP address in the firewall? Also to review what's currently there (as root).

The default behavior seems to be to block an IP after several attempts then you have to wait an hour or so for it to release.

NordicSnowman
Posts: 10
Joined: Fri Sep 27, 2019 8:34 pm

Os: Debian 8x
Web: apache + nginx
Re: Add/remove IP address to firewall

Post by NordicSnowman » Sun Sep 29, 2019 10:45 pm

bobmeetin wrote: ↑
Sun Sep 29, 2019 10:24 pm
Either through the control panel or command line (cli?) or both, what are the procedures to add or remove an IP address in the firewall. Also to review what's currently there (as root)

The default behavior seems to be to block an IP after several attempts then you have to wait an hour or so for it to release.
Fail2ban is the function blocking after failed attempts or bad behaviour, depending on your F2B rules.
You can list them (the banned ones) with the v-list-firewall-ban CLI command.
For more details about the jails, use:

Code:

fail2ban-client status

For adding, removing or changing rules through CLI commands:

Example for FTP, port 21 (allowing anyone)
# options: ACTION IP PORT [PROTOCOL] [COMMENT] [RULE]

Code:

v-add-firewall-rule allow 0.0.0.0/0 21 TCP FTP

Example for blocking 123.123.123.123 to FTP
# options: ACTION IP PORT [PROTOCOL] [COMMENT] [RULE]

Code:

v-add-firewall-rule drop 123.123.123.123 21 TCP FTP-ban-123

Similar for removing rules, deleting and changing rules or bans.
Check out the CLI-commands: https://vestacp.com/docs/cli/

plutocrat
Posts: 232
Joined: Fri Jan 27, 2017 9:16 am

Os: Ubuntu 17x
Web: apache + nginx
Re: Add/remove IP address to firewall

Post by plutocrat » Mon Sep 30, 2019 6:51 am

bobmeetin wrote: ↑
Sun Sep 29, 2019 10:24 pm
The default behavior seems to be to block an IP after several attempts then you have to wait an hour or so for it to release.
Seems you're talking about fail2ban. Try this approach:

Code:

root@server~ $ fail2ban-client status
Status
|- Number of jail:	5
`- Jail list:	dovecot-iptables, exim-iptables, ssh-iptables, sshd, vesta-iptables
root@server~ $ fail2ban-client status exim-iptables 
Status for the jail: exim-iptables
|- Filter
|  |- Currently failed:	8
|  |- Total failed:	158047
|  `- File list:	/var/log/exim4/mainlog
`- Actions
   |- Currently banned:	3
   |- Total banned:	20034
   `- Banned IP list:	46.38.144.179 45.82.153.37 92.118.38.36
root@server~ $ fail2ban-client set exim-iptables unbanip 92.118.38.36
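
The lookup done by hand in the session above, as an added example that is not part of the original posts: it parses `fail2ban-client status` output to find which jail currently bans a given IP and prints the matching `unbanip` command. The function names are hypothetical, the sample text is the output quoted in the thread, and the parsing assumes the status layout shown there.

```sh
#!/bin/sh
# Added example (not from the thread): locate the jail(s) holding a ban for one IP.

# Jail names, one per line, from `fail2ban-client status` output on stdin.
jail_list() {
    sed -n 's/.*Jail list:[[:space:]]*//p' | tr -d ' ' | tr ',' '\n' | sed '/^$/d'
}

# Banned IPs, one per line, from `fail2ban-client status <jail>` output on stdin.
banned_ips() {
    sed -n 's/.*Banned IP list:[[:space:]]*//p' | tr -s ' \t' '\n\n' | sed '/^$/d'
}

# Succeed only on an exact match, so 92.118.38.3 does not match 92.118.38.36.
is_banned() {
    banned_ips | grep -Fxq -- "$1"
}

# Print the unban command for every jail that currently bans IP $1 (run as root).
find_ban() {
    for jail in $(fail2ban-client status | jail_list); do
        if fail2ban-client status "$jail" | is_banned "$1"; then
            echo "fail2ban-client set $jail unbanip $1"
        fi
    done
}

# Sample output copied from the thread, for trying the parsers without fail2ban.
SAMPLE_STATUS='Status
|- Number of jail:      5
`- Jail list:   dovecot-iptables, exim-iptables, ssh-iptables, sshd, vesta-iptables'
SAMPLE_JAIL='Status for the jail: exim-iptables
|- Filter
|  |- Currently failed: 8
|  |- Total failed:     158047
|  `- File list:        /var/log/exim4/mainlog
`- Actions
   |- Currently banned: 3
   |- Total banned:     20034
   `- Banned IP list:   46.38.144.179 45.82.153.37 92.118.38.36'

# Only query the live daemon when an IP is given and fail2ban-client is installed.
if [ -n "${1:-}" ] && command -v fail2ban-client >/dev/null 2>&1; then
    find_ban "$1"
fi
```

Review the printed commands before running them; the script only reports which jail holds the ban and does not unban anything itself.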