Nemcio/CyberPanel
1
0
Fork 0
mirror of https://github.com/usmannasir/cyberpanel.git synced 2025-10-26 07:46:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
d8f120e73ba4c0473937f8c9acaab511bad8bbdb
CyberPanel/guides/FIREWALL_BLOCKING_FEATURE.md
Master3395 d8f120e73b Add firewall IP blocking feature and enhance security alerts 
- Introduced a new API endpoint to block IP addresses via firewalld, allowing users to manage security directly from the dashboard.
- Updated the front-end to include a button for blocking IPs detected during brute force attacks, enhancing user interaction.
- Revised README.md and documentation to include details about the new firewall blocking feature and its usage.
- Improved the SSH security analysis function to streamline firewall command execution and ensure firewalld is active.
2025-09-16 23:24:41 +02:00

4.9 KiB
Raw Blame History

Firewall Blocking Feature for CyberPanel

Overview

This feature adds a convenient "Block IP" button directly in the CyberPanel dashboard's SSH Security Analysis section, allowing administrators to quickly block malicious IP addresses without needing to access SSH or manually run firewall commands.

Features

  • One-Click IP Blocking: Block malicious IPs directly from the dashboard
  • Firewalld Integration: Works with firewalld (the standard Linux firewall)
  • Visual Feedback: Loading states, success notifications, and blocked status indicators
  • Security Integration: Automatically appears on "Brute Force Attack Detected" alerts
  • Admin-Only Access: Restricted to administrators with CyberPanel addons

Implementation Details

Backend Changes

1. New API Endpoint (/base/blockIPAddress)

  • File: cyberpanel/baseTemplate/views.py
  • Method: POST
  • Authentication: Admin-only with CyberPanel addons
  • Functionality:
    • Validates IP address format
    • Verifies firewalld is active
    • Blocks IP using firewalld commands
    • Logs the action for audit purposes

2. URL Configuration

  • File: cyberpanel/baseTemplate/urls.py
  • Route: re_path(r'^blockIPAddress$', views.blockIPAddress, name='blockIPAddress')

Frontend Changes

1. Template Updates

  • File: cyberpanel/baseTemplate/templates/baseTemplate/homePage.html
  • Changes:
    • Added "Block IP" button for brute force attack alerts
    • Visual feedback for blocking status
    • Success indicators for blocked IPs

2. JavaScript Functionality

  • File: cyberpanel/baseTemplate/static/baseTemplate/custom-js/system-status.js
  • Features:
    • blockIPAddress() function for handling IP blocking
    • Loading states and error handling
    • Success notifications using PNotify
    • Automatic security analysis refresh

Usage

Prerequisites

  1. CyberPanel with admin privileges
  2. CyberPanel addons enabled
  3. Active firewalld service

How to Use

  1. Navigate to Dashboard in CyberPanel
  2. Click on SSH Logs tab in the Activity Board
  3. Click Refresh Analysis to scan for security threats
  4. Look for "Brute Force Attack Detected" alerts
  5. Click the "Block IP" button next to malicious IP addresses
  6. Confirm the blocking action in the success notification

Visual Indicators

  • Red "Block IP" Button: Available for blocking
  • Spinning Icon: Blocking in progress
  • Green "Blocked" Status: IP successfully blocked
  • Notifications: Success/error messages with details

Firewall Commands Used

firewalld

firewall-cmd --permanent --add-rich-rule="rule family=ipv4 source address=<ip_address> drop"
firewall-cmd --reload

Security Considerations

  1. Admin-Only Access: Feature restricted to administrators
  2. Premium Feature: Requires CyberPanel addons
  3. IP Validation: Validates IP address format before blocking
  4. Firewalld Verification: Ensures firewalld service is active
  5. Audit Logging: All blocking actions are logged
  6. Error Handling: Comprehensive error handling and user feedback

Error Handling

The feature includes robust error handling for:

  • Invalid IP addresses
  • Firewalld service not active
  • Firewall command failures
  • Network connectivity issues
  • Permission errors

Testing

A test script is provided (test_firewall_blocking.py) for manual testing, though the feature is best tested through the web interface.

Browser Compatibility

The feature uses modern web technologies and is compatible with:

  • Chrome 60+
  • Firefox 55+
  • Safari 12+
  • Edge 79+

Future Enhancements

Potential improvements for future versions:

  1. Bulk IP blocking for multiple threats
  2. Temporary blocking with automatic unblocking
  3. Integration with threat intelligence feeds
  4. Custom blocking rules and policies
  5. Blocking history and management interface

Troubleshooting

Common Issues

  1. "Premium feature required" error

    • Ensure CyberPanel addons are enabled
    • Verify admin privileges

  2. "Failed to block IP address" error

    • Check firewalld service status: systemctl status firewalld
    • Verify admin has necessary permissions
    • Check firewalld configuration

  3. Button not appearing

    • Ensure SSH Security Analysis is enabled
    • Check for brute force attack alerts
    • Verify JavaScript is enabled

Debug Information

Check CyberPanel logs for detailed error information:

  • /usr/local/CyberCP/logs/cyberpanel.log
  • Firewalld logs: journalctl -u firewalld

Support

For issues or questions regarding this feature:

  1. Check CyberPanel documentation
  2. Review firewall configuration
  3. Check system logs for detailed error messages
  4. Contact CyberPanel support if needed

Note: This feature enhances CyberPanel's security capabilities by providing a streamlined way to block malicious IP addresses directly from the web interface, improving the overall user experience for server administrators.