Nemcio/CyberPanel
1
0
Fork 0
mirror of https://github.com/usmannasir/cyberpanel.git synced 2025-10-26 07:46:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
d8f120e73ba4c0473937f8c9acaab511bad8bbdb
CyberPanel/guides/FIREWALL_BLOCKING_FEATURE.md
Master3395 d8f120e73b Add firewall IP blocking feature and enhance security alerts 
- Introduced a new API endpoint to block IP addresses via firewalld, allowing users to manage security directly from the dashboard.
- Updated the front-end to include a button for blocking IPs detected during brute force attacks, enhancing user interaction.
- Revised README.md and documentation to include details about the new firewall blocking feature and its usage.
- Improved the SSH security analysis function to streamline firewall command execution and ensure firewalld is active.
2025-09-16 23:24:41 +02:00

153 lines
4.9 KiB
Markdown
Raw Blame History

# Firewall Blocking Feature for CyberPanel
## Overview
This feature adds a convenient "Block IP" button directly in the CyberPanel dashboard's SSH Security Analysis section, allowing administrators to quickly block malicious IP addresses without needing to access SSH or manually run firewall commands.
## Features
- **One-Click IP Blocking**: Block malicious IPs directly from the dashboard
- **Firewalld Integration**: Works with firewalld (the standard Linux firewall)
- **Visual Feedback**: Loading states, success notifications, and blocked status indicators
- **Security Integration**: Automatically appears on "Brute Force Attack Detected" alerts
- **Admin-Only Access**: Restricted to administrators with CyberPanel addons
## Implementation Details
### Backend Changes
#### 1. New API Endpoint (`/base/blockIPAddress`)
- **File**: `cyberpanel/baseTemplate/views.py`
- **Method**: POST
- **Authentication**: Admin-only with CyberPanel addons
- **Functionality**:
- Validates IP address format
- Verifies firewalld is active
- Blocks IP using firewalld commands
- Logs the action for audit purposes
#### 2. URL Configuration
- **File**: `cyberpanel/baseTemplate/urls.py`
- **Route**: `re_path(r'^blockIPAddress$', views.blockIPAddress, name='blockIPAddress')`
### Frontend Changes
#### 1. Template Updates
- **File**: `cyberpanel/baseTemplate/templates/baseTemplate/homePage.html`
- **Changes**:
- Added "Block IP" button for brute force attack alerts
- Visual feedback for blocking status
- Success indicators for blocked IPs
#### 2. JavaScript Functionality
- **File**: `cyberpanel/baseTemplate/static/baseTemplate/custom-js/system-status.js`
- **Features**:
- `blockIPAddress()` function for handling IP blocking
- Loading states and error handling
- Success notifications using PNotify
- Automatic security analysis refresh
## Usage
### Prerequisites
1. CyberPanel with admin privileges
2. CyberPanel addons enabled
3. Active firewalld service
### How to Use
1. Navigate to **Dashboard** in CyberPanel
2. Click on **SSH Logs** tab in the Activity Board
3. Click **Refresh Analysis** to scan for security threats
4. Look for **"Brute Force Attack Detected"** alerts
5. Click the **"Block IP"** button next to malicious IP addresses
6. Confirm the blocking action in the success notification
### Visual Indicators
- **Red "Block IP" Button**: Available for blocking
- **Spinning Icon**: Blocking in progress
- **Green "Blocked" Status**: IP successfully blocked
- **Notifications**: Success/error messages with details
## Firewall Commands Used
### firewalld
```bash
firewall-cmd --permanent --add-rich-rule="rule family=ipv4 source address=<ip_address> drop"
firewall-cmd --reload
```
## Security Considerations
1. **Admin-Only Access**: Feature restricted to administrators
2. **Premium Feature**: Requires CyberPanel addons
3. **IP Validation**: Validates IP address format before blocking
4. **Firewalld Verification**: Ensures firewalld service is active
5. **Audit Logging**: All blocking actions are logged
6. **Error Handling**: Comprehensive error handling and user feedback
## Error Handling
The feature includes robust error handling for:
- Invalid IP addresses
- Firewalld service not active
- Firewall command failures
- Network connectivity issues
- Permission errors
## Testing
A test script is provided (`test_firewall_blocking.py`) for manual testing, though the feature is best tested through the web interface.
## Browser Compatibility
The feature uses modern web technologies and is compatible with:
- Chrome 60+
- Firefox 55+
- Safari 12+
- Edge 79+
## Future Enhancements
Potential improvements for future versions:
1. Bulk IP blocking for multiple threats
2. Temporary blocking with automatic unblocking
3. Integration with threat intelligence feeds
4. Custom blocking rules and policies
5. Blocking history and management interface
## Troubleshooting
### Common Issues
1. **"Premium feature required" error**
- Ensure CyberPanel addons are enabled
- Verify admin privileges
2. **"Failed to block IP address" error**
- Check firewalld service status: `systemctl status firewalld`
- Verify admin has necessary permissions
- Check firewalld configuration
3. **Button not appearing**
- Ensure SSH Security Analysis is enabled
- Check for brute force attack alerts
- Verify JavaScript is enabled
### Debug Information
Check CyberPanel logs for detailed error information:
- `/usr/local/CyberCP/logs/cyberpanel.log`
- Firewalld logs: `journalctl -u firewalld`
## Support
For issues or questions regarding this feature:
1. Check CyberPanel documentation
2. Review firewall configuration
3. Check system logs for detailed error messages
4. Contact CyberPanel support if needed
---
**Note**: This feature enhances CyberPanel's security capabilities by providing a streamlined way to block malicious IP addresses directly from the web interface, improving the overall user experience for server administrators.
Reference in New Issue View Git Blame Copy Permalink