Pick our brains...

Firewall Administration (APF Firewall, LEGACY)

*Note: PM servers are currently using the CSF firewall, NOT the APF firewall for which this article applies.

Please see the following revised article for CSF firewall administration:
Firewall Administration (CSF Firewall via WHM)


User is unable to connect to sites hosted on Stormcloud, and or their email client is being blocked.


  1. User should try accessing site from a different device or network (eg. Phone via mobile data). If successful it is likely the user’s IP is being blocked by APF on the server.
  2. User should then capture their IP address by visiting http://www.whatismyip.com/ and send an email to PM with a request to unblock and provide the IP address
  3. See panel below for instructions on how to interact with APF and remove the block


See also:



PM Staff: Unblocking an IP address in APF

Here is how to unblock (and also white-list an IP) using APF on stormcloud.peacefulmedia.com:

  1. SSH to peacefulmedia.com using: ssh root@peacefulmedia.com
  2. Access the APF folder using: cd /etc/apf
  3. Open up “deny_hosts.rules” using your preferred text editor
  4. Search for the user’s IP address (eg. In “vi” type /123.456.789.10 and press enter)
  5. If found then delete the line with the IP address and the comment line above it. Save and quit.
  6. Restart the APF firewall using: apf -r


If the issue keeps repeating and a whitelist is desired then:

  1. Remove the deny_hosts.rules entry as described in the steps above, then..
  2. Open up “allow_hosts.rules” using your preferred text editor
  3. At the bottom of the file add two lines. One is a comment saying who the exception is for and also who at PM added it. The other line is the IP address to whitelist. Example:
    # Fred Bloggs (added by SB on 02/10/14)
  4. Save the file and exit
  5. Restart the APF firewall using: apf -r