Symptoms
On systems using nftables, rules added with "Host Access Control" in WHM are ignored when another firewall application, such as Imunify360 or CSF, is installed.
Description
Firewall rules are processed one at a time, in order. Once a packet has been matched to a rule and the rule applied, no more rules are processed for that packet. Other firewall applications place their rulesets ahead of the Host Access Control ruleset. Since other firewalls are designed to be the only firewall on a device, they have explicit allow rules for each open port followed by a general deny rule. This causes packets to match a rule in the other firewall's ruleset, preventing any rule in the Host Access Control ruleset from being processed.
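The ordering effect described above, as an added example that is not part of the original article and is not cPanel's code: a first-match evaluator over a rule list, plus a check that reports which rules can never be reached. The rule owners, addresses and ports are constructed sample values, and the model follows the article's first-match description rather than parsing real nftables output.

```python
import ipaddress

# Constructed sample rules in evaluation order (not real WHM, CSF or Imunify360 output).
# Each rule: (owner, action, source network, destination port); port None = any port.
RULES = [
    ("other-firewall", "accept", "0.0.0.0/0", 22),
    ("other-firewall", "accept", "0.0.0.0/0", 80),
    ("other-firewall", "accept", "0.0.0.0/0", 443),
    ("other-firewall", "drop", "0.0.0.0/0", None),          # general deny
    ("host-access-control", "drop", "203.0.113.0/24", 22),
    ("host-access-control", "accept", "198.51.100.7/32", 3306),
]

def first_match(rules, src, port):
    """Return the index of the first rule that matches the packet, or None."""
    addr = ipaddress.ip_address(src)
    for i, (_, _, net, rport) in enumerate(rules):
        if addr in ipaddress.ip_network(net) and rport in (None, port):
            return i
    return None

def covers(earlier, later):
    """True if every packet matching `later` also matches `earlier`."""
    _, _, e_src, e_port = earlier
    _, _, l_src, l_port = later
    src_ok = ipaddress.ip_network(l_src).subnet_of(ipaddress.ip_network(e_src))
    port_ok = e_port is None or e_port == l_port
    return src_ok and port_ok

def shadowed(rules):
    """Map each unreachable rule index to the earlier rule index that covers it.

    Only coverage by a single earlier rule is detected, which is enough for the
    allow-per-port plus general-deny layout the article describes.
    """
    result = {}
    for j, later in enumerate(rules):
        for i in range(j):
            if covers(rules[i], later):
                result[j] = i
                break
    return result

if __name__ == "__main__":
    for j, i in shadowed(RULES).items():
        print(f"rule {j} {RULES[j]} is never reached: covered by rule {i} {RULES[i]}")
    hit = first_match(RULES, "203.0.113.9", 22)
    print("203.0.113.9 -> port 22 decided by", RULES[hit][:2])
```

Both sample Host Access Control rules are reported as unreachable: the block on port 22 is pre-empted by the other firewall's allow rule, and the allow on port 3306 is pre-empted by its general deny.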
Workaround
Use the other firewall application to manage access to the server.