Skip to content

TCR-828 #176

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
annkots merged 1 commit into from
Feb 25, 2026
Merged

TCR-828 #176

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 5 additions & 1 deletion docs/dashboard/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -286,13 +286,17 @@ sed -ri "s/^(cmd=.*)$/\1--scan-archive/g" /etc/minidaemon/minidaemon-aibolit.cfg
## Firewall


Tne <span class="notranslate">_All Lists_</span> tab allows viewing and managing the IP addresses in the following lists (listed by priority):
The <span class="notranslate">_All Lists_</span> tab allows viewing and managing the IP addresses in the following lists (listed by priority):

* <span class="notranslate">White</span> - the IP will not be blocked
* <span class="notranslate">Drop/Black</span> - the IP will be blocked everywhere, on all ports and services
* <span class="notranslate">Greylist</span> - the IP will be blocked completely on non-web ports (SSH, FTP, etc.), and will be shown Anti-Bot Challenge on web ports (80, 443, hosting panel ports)
* <span class="notranslate">Anti-Bot Challenge</span> - the IP will be shown Anti-Bot challenge on web ports, and will not be blocked on others

:::tip Note
Blocked ports restrictions are enforced separately from IP list decisions. If you need a whitelisted IP/subnet to access a restricted port, allow it explicitly in [**Firewall → Ports**](/dashboard/#ports) by adding it to the [port’s allowlist](/dashboard/#edit-ports-in-the-blocked-ports-list), or grant **Full Access**.
:::

The counters for the lists are presented at the top of the table, reflecting the number of records matching the category.

![](/images/Firewall.png)
Expand Down
10 changes: 10 additions & 0 deletions docs/features/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,16 @@ Starting with imunify360-firewall-8.2.0 all IP lists are applied automatically.
Specifying IPs in those files will not prevent Imunify from adding the same IPs to dynamic lists (like Grey list), but all White lists always have the priority over Black lists when it comes to actual filtering of requests/packages.
:::

:::warning Note
Adding an IP/subnet to the external **White List** affects only IP-based firewall decisions. It **does not override** the **Blocked ports** policy.

If a port is restricted in **Blocked ports**, the port may remain inaccessible even for whitelisted IPs/subnets. To allow access, you must explicitly whitelist the IP/subnet for that specific port via:
- [**🔗 GUI**](/dashboard/#edit-ports-in-the-blocked-ports-list)
- [**🔗 CLI**](/command_line_interface/#blocked-ports)

See also: [“IP whitelisting/port blocking precedence”](/faq_and_known_issues/#ip-whitelisting-port-blocking-precedence) in FAQ & Known Issues.
:::


## Global Ignore List

Expand Down
Loading