How to Whitelist / Blacklist an IP ?

This guide explains how to manage IP addresses by adding them to the whitelist or blacklist in cPFence. Whitelisting allows specific IPs to bypass security rules, while blacklisting blocks access from specific IPs. Both IPv4 and IPv6 addresses are supported using the same commands.

Add IP to Whitelist

To add an IP to the whitelist, use the following command:

cpfence --add-whitelist-ip IP

Replace IP with the IP address you want to whitelist, e.g., 192.168.1.1/23 or 2001:db8::1/64.

Remove IP from Whitelist

To remove an IP from the whitelist, use the following command:

cpfence --del-whitelist-ip IP

Replace IP with the IP address you want to remove, e.g., 192.168.1.1 or 2001:db8::1.

Add IP to Blacklist

To add an IP to the blacklist, use the following command:

cpfence --add-blacklist-ip IP

Replace IP with the IP address you want to blacklist, e.g., 192.168.1.1/24 or 2001:db8::1/64.

Remove IP from Blacklist

To remove an IP from the blacklist, use the following command:

cpfence --del-blacklist-ip IP

Replace IP with the IP address you want to remove, e.g., 192.168.1.1 or 2001:db8::1.

Bulk Importing IPs for Whitelisting or Blacklisting

cPFence supports bulk importing IPs from files or URLs for whitelisting or blacklisting. This allows you to manage IP access across all your servers in one step. Both IPv4 and IPv6 addresses are supported.

Example Usage

To bulk whitelist IPs, use the following command:

cpfence --bulk-whitelist-ip https://a.com/custom_whitelist.txt

To automate this process with a cron job, you can add a crontab to keep all your servers synced with your custom rules:

Example Usage:

0 * * * * /usr/local/bin/cpfence --bulk-blacklist-ip https://a.com/custom_blacklist.txt

This feature supports both full paths and valid URLs.

Available Bulk Import Options :

  • cpfence --bulk-whitelist-ip URL_OR_FILE
    Bulk add IPs from a URL or file to the whitelist.
    (e.g., cpfence --bulk-whitelist-ip https://a.com/file.txt)

  • cpfence --bulk-blacklist-ip URL_OR_FILE
    Bulk add IPs from a URL or file to the blacklist.
    (e.g., cpfence --bulk-blacklist-ip /PATH/TO/FILE)

  • cpfence --bulk-del-wl-ip URL_OR_FILE
    Bulk delete IPs from a URL or file from the whitelist.
    (e.g., cpfence --bulk-del-wl-ip https://a.com/file.txt)

  • cpfence --bulk-del-bl-ip URL_OR_FILE
    Bulk delete IPs from a URL or file from the blacklist.
    (e.g., cpfence --bulk-del-bl-ip /PATH/TO/FILE)

Manually Reviewing IP Lists

You can manually review or manage your custom whitelist and blacklist files for both IPv4 and IPv6 here:

  • IPv4 Whitelist: /opt/cpfence/user-config/cpfipdb/whitelistips.txt
  • IPv4 Blacklist: /opt/cpfence/user-config/cpfipdb/blacklistips.txt
  • IPv6 Whitelist: /opt/cpfence/user-config/cpfipdb/whitelistips_v6.txt
  • IPv6 Blacklist: /opt/cpfence/user-config/cpfipdb/blacklistips_v6.txt

Use these commands to effectively manage IP access in cPFence, ensuring your network is secure and only authorized IPs can interact with your server.

Need Further Assistance?

Visit our Knowledgebase or contact our support team for help.

  • bulk import ips, bulk whitelist, bulk blacklist
  • 21 Users Found This Useful
Was this answer helpful?

Related Articles

How to Whitelist / Blacklist a Full Country ?

This guide explains how to whitelist or blacklist entire countries in cPFence. You can manage...

How to Fix Bulk IP Blacklisting or Whitelisting Issues in cPFence?

If you're facing issues when attempting to bulk blacklist or whitelist IPs in cPFence, the most...

How to Check the Status of an IP in cPFence?

cPFence allows you to quickly check the current state of an IP address to see if it has been...

How to Block Tor IPs with cPFence?

Tor (The Onion Router) is a popular tool used by many to browse the internet anonymously. While...

How to Automate Blocking with Online IP Blacklists in cPFence?

cPFence provides a robust IP Database (IPDB) that dynamically adapts to new threats by updating...