Firewall Rules & IP Blocking

Imunify360 manages the server firewall automatically, but you can manually control the black list, gray list, and white list, and configure when automatic blocking triggers.

Accessing the firewall

WHM → Plugins → Imunify360 → Firewall.

Manual IP management

Blocking an IP (black list)

Use this when you know an IP is malicious and want to block it permanently:

Go to Firewall → Black List → Add
Enter the IP address or CIDR range (e.g. 192.168.1.0/24 to block a /24 subnet)
Add a comment so you remember why it was blocked
Click Add IP

The IP is blocked immediately across all ports.

Unblocking an IP

Go to Firewall → Black List
Use the search box to find the IP
Click Delete next to it
Confirm

Whitelisting an IP

Whitelisted IPs bypass all firewall rules — use for your office IP, monitoring services, or trusted upstream servers:

Go to Firewall → White List → Add
Enter the IP or CIDR
Add a comment
Click Add IP

⚠

Be selective with whitelist entries

A whitelisted IP bypasses Imunify360 entirely — including malware scanning and brute-force protection. Only whitelist IPs you fully trust. Your own office IP is a good candidate; a client's IP usually isn't.

From the command line

bash

# Block an IP
imunify360-agent blacklist ip add 1.2.3.4

# Whitelist an IP
imunify360-agent whitelist ip add 1.2.3.4

# Remove from blacklist
imunify360-agent blacklist ip delete 1.2.3.4

# List all blacklisted IPs
imunify360-agent blacklist ip list

Configuring automatic blocking thresholds

Imunify360 blocks IPs automatically after detecting attack patterns. Adjust sensitivity under Imunify360 → Settings → Malware → DoS Protection:

Setting	Default	What it controls
Max connections per IP	150	Connections before IP is graylisted
Brute-force threshold	5 failures	Login failures before block
Block period	600 seconds	How long IPs stay in gray list

Lowering thresholds catches attacks faster but increases false positives. The defaults work well for most servers.

Port-level rules

For custom port blocking or allowing beyond what Imunify360 manages, use CSF (ConfigServer Firewall) which runs alongside Imunify360:

bash

# Allow a port for all IPs
csf -a IP tcp PORT      # allow specific IP on port
iptables -I INPUT -p tcp --dport PORT -j ACCEPT && csf -r

# Block a specific port
iptables -I INPUT -p tcp --dport PORT -j DROP && csf -r

Or from WHM: ConfigServer Security & Firewall → Firewall Configuration → edit TCP_IN and TCP_OUT port lists.

Firewall Rules & IP Blocking ​

Accessing the firewall ​

Manual IP management ​

Blocking an IP (black list) ​

Unblocking an IP ​

Whitelisting an IP ​

From the command line ​

Configuring automatic blocking thresholds ​

Port-level rules ​