CSF Deny IP vs. cPanel IP Deny Manager

[serverguy]

I have a question about the operation of the system CSF firewall vs.cPanel's IP Deny Manager.

Say we host 30 domains, and say that two of the domains we host are getting hammered by a single IP - 221.231.103.199
That IP is part of a /24 originating in China.

Now the owners of the domains can go into cPanel IP Deny Manager and add 221.231.103.0/24 in order to block all ip addresses in the /24

But as the system administrator I can go into WHM and put the following entry into CSF Deny IP's
221.231.103.0/24 # do not delete

So my question is this:

If I enter 221.231.103.0/24 # do not delete into CSF via WHM, does that deny the /24 for ALL hosted domains, or does that simply deny the /24 for 'server' things (like root access), and that each domain must individually block 221.231.103.0/24 in cPanel in order to protect themselves? In other words, does a CSF 'deny' globally block access for all hosted domains, or does each domain need to engage in 'local' protection via cPanel IP Deny Manager in order to reject access?

Thanks

[sawbuck]

"If I enter 221.231.103.0/24 # do not delete into CSF via WHM, does that deny the /24 for ALL hosted domains?"

Yes

[serverguy]

That wasn't the question.

I KNOW that doing /24 will deny for things like e-mail, root access, etc....

My question was more - will it deny http access for all hosted domains, thereby obviating the need for each domain to manage bad IP ranges using cPanel IP Deny Manager.

[ForumAdmin]

Yes, it will. Blocks are server-wide.