Page 1 of 1

Can't Find IP Range In CC_DENY

Posted: 08 Aug 2022, 13:35
by TelosOne
So we have had an issue with some updates coming down for WHM - and in the process we discovered that the server was blocking a specific range of IP adresses.

If you "search for the IP" via the WHM gui you get this return


Table Chain num pkts bytes target prot opt in out source destination

filter CC_DENY 93147 1686 80924 DROP all -- * * 162.55.0.0/16 0.0.0.0/0


But if we try to unblock that IP or range:

Unblock 162.55.42.214, trying permanent blocks...

csf: 162.55.42.214 not found in csf.deny
...Done.

Unblock 162.55.42.214, trying temporary blocks...

csf: There are no temporary IP bans
...Done.

AND

Unblock 162.55.0.0/16, trying permanent blocks...

csf: 162.55.0.0/16 not found in csf.deny
...Done.

Unblock 162.55.0.0/16, trying temporary blocks...

csf: There are no temporary IP bans
...Done.


SO we tried this:

csf -a 162.55.0.0/16

And now see this from the WHM GUI

Table Chain num pkts bytes target prot opt in out source destination

filter ALLOWIN 1 25 8818 ACCEPT all -- !lo * 162.55.0.0/16 0.0.0.0/0

filter ALLOWOUT 1 29 2020 ACCEPT all -- * !lo 0.0.0.0/0 162.55.0.0/16

filter CC_DENY 93147 1740 83516 DROP all -- * * 162.55.0.0/16 0.0.0.0/0


ip6tables:

Table Chain num pkts bytes target prot opt in out source destination
No matches found for 162.55.42.214 in ip6tables

Permanent Allows (csf.allow): 162.55.0.0/16 # Manually allowed: 162.55.0.0/16 (DE/Germany/-) - Mon Aug 8 08:40:52 2022


We have never run into this before. Where do we get at that rule blocking 162.55.0.0/16 ????

Re: Can't Find IP Range In CC_DENY

Posted: 08 Aug 2022, 17:07
by Sarah
It is CC_DENY so you are blocking a country that contains that CIDR. You can't remove a range or an IP address from a CC blocklist. If the range has been allowed in csf, the allow *should* override the block.