Firewall Administration (APF Firewall, LEGACY)
*Note: PM servers are currently using the CSF firewall, NOT the APF firewall for which this article applies.
Please see the following revised article for CSF firewall administration:
Firewall Administration (CSF Firewall via WHM)
Problem
User is unable to connect to sites hosted on Stormcloud, and or their email client is being blocked.
Solution
- User should try accessing site from a different device or network (eg. Phone via mobile data). If successful it is likely the user’s IP is being blocked by APF on the server.
- User should then capture their IP address by visiting http://www.whatismyip.com/ and send an email to PM with a request to unblock and provide the IP address
- See panel below for instructions on how to interact with APF and remove the block
See also:
http://www.liquidweb.com/kb/apf-firewall/
PM Staff: Unblocking an IP address in APF
Here is how to unblock (and also white-list an IP) using APF on stormcloud.peacefulmedia.com:
- SSH to peacefulmedia.com using:
ssh root@peacefulmedia.com
- Access the APF folder using:
cd /etc/apf
- Open up “
deny_hosts.rules
” using your preferred text editor - Search for the user’s IP address (eg. In “vi” type
/123.456.789.10
and press enter) - If found then delete the line with the IP address and the comment line above it. Save and quit.
- Restart the APF firewall using:
apf -r
If the issue keeps repeating and a whitelist is desired then:
- Remove the deny_hosts.rules entry as described in the steps above, then..
- Open up “
allow_hosts.rules
” using your preferred text editor - At the bottom of the file add two lines. One is a comment saying who the exception is for and also who at PM added it. The other line is the IP address to whitelist. Example:
# Fred Bloggs (added by SB on 02/10/14)
123.456.789.10
- Save the file and exit
- Restart the APF firewall using: apf -r