Last modified: October 15, 2021
/etc/hosts.allowfile through the command line to regain access.
Use this interface to allow or deny (block) access to the following services for specific IP addresses:
- cPanel (
- WHM (
- Webmail (
- Web Disk (
- FTP (
- SSH (
- SMTP (
- POP3 (
- IMAP (
To control access to the
ftpddaemon, you must use the ProFTPD FTP server. Pure-FTP does not support TCP wrappers.
To control access to the POP3 or IMAP services, you may use the Dovecot mail servers.
Allow or deny access
You must enter your
allow rules before your
To add a allow or deny a single IP address, hostname, comma-separated list of IP addresses, or CIDR subnet mask access to a service, perform the following steps:
Enter the service name in the daemon text box.
Enter the IP address or hostname in the Access List text box.
You may enter wildcards in this text box.
You must enclose IPv6 addresses in square brackets (
To add a CIDR subnet mask, add
/NUMBERto your IP address, where
NUMBERis the number of network bits that an IP address must match to be affected by your rule.
192.168.0.0/24means the first 24 bits of the requesting IP address (the first, second, and third numbers in the IP address) must match the rule IP address. This will result in all IP addresses in the range of
192.168.0.1 - 192.168.0.254meeting the rule.
2001:0db8:0:0:1:0:0:1/64means that the first 64 bits of the requesting IP address must match the rule IP address. Because IPv6 uses 128-bit addresses, this will result in all IP addresses in the range of
2001:db8:abcd:0012:0000:0000:0000:0000 - 2001:db8:abcd:0012:ffff:ffff:ffff:ffffmeeting the rule.
Enter the desired action in the Action text box.
allowto allow access.
denyto deny access.
Describe the rule in the Comment text box.
Click Save Host Access List, or click Reload to delete any changes. Saved changes will apply.
You can also enter
ALL EXCEPT IP address in the Access List text box. When you enter
allow as your action, the system will allow all of the addresses except for addresses that you entered in the Access List text box.
To allow access for two IP addresses, but deny access from all other addresses, use either of the following methods:
Create two separate rules:
Create one rule that allows
Create a second rule that denies access to
Create one rule:
all except 192.168.0.0/255.255.255.0or
all except [2001:0db8:0:0:1:0:0:1]/64in the Access List text box.
denyin the Action text box.