Symptoms
IPs that are reportedly blocked by cPHulk in the server's firewall are not being blocked.
Description
When cPHulk adds an IP to the server's firewall, it adds the IP to a chain of rules specific to cPHulk. It is intended that the main input chain in the firewall calls the cPHulk chain via a "jump" rule, however, the call to the cPHulk chain is not being added.
We've opened an internal case for our development team to investigate this further. For reference, the case number is CPANEL-47070. Follow this article to receive an email notification when a solution is published in the product.
Workaround
Manually add the cPHulk chain to the main filter in the firewall:
nft add rule inet filter INPUT counter jump cphulk
nft add rule inet filter FORWARD counter jump cphulk
Comments
0 comments
Article is closed for comments.