How to add your IP Address to the Firewall (for SSH access)

For security reasons, SSH access to your VPS is blocked at the firewall level. Before you can connect to your account via SSH, you will need to add your local IP address to the firewall. This guide will show you how to add your IP Address to the Firewall for SSH access.

Don’t have time to read the guide?

Adding your IP address to the Firewall

  1. Find your IP address. Visit the following url:
    https://www.inmotionhosting.com/ip
    The IP address that is displayed is your IP address as seen by the rest of the internet.
  2. Log into your WHM.
  3. Click the “Add IP to Firewall” link in the left menu. This link is one of the last links in the left menu in WHM. You can also type in the search box at the top right “Add IP” and the link will show on the left.
  4. Enter your IP address in the “Allow Rule:” field and click the “Add Rule / Restart” button.
    /etc/apf/allow_hosts.rules

Congratulations, now you know how to add your IP Address to the Firewall for SSH access. Check out our section on SSH and root access to learn more.

30 thoughts on “How to add your IP Address to the Firewall (for SSH access)

  1. After following the instructions from this video I can no longer open the cPanel or the WHM. Both options just leave me with a blank tab when trying to open them from the AMP control panal.

    1. Adding an IP to a firewall would not cause the server to stop working. Though, if you added an invalid or malformed ID, then it’s possible that it may have caused the problem. You will need to speak with your host’s live technical support team to review your account and determine the problem access to WHM/cPanel.

  2. I have a VPS and in my WHM it didn’t have any option to “Tweak Settings” so I had to contact support. They were able to fix this in just a few minutes.

  3. Trying to use the Add IP to Firewall plugin, I get this error message:

    ——————–

    HTTP error 403

    cgi/addon_add2apf.cgi

    WHM is configured to disallow execution of unregistered applications when logged in as root or a reseller with the “all” ACL. To enable this functionality you must do one of the following: Register this addon with the /usr/local/cpanel/bin/register_appconfig script (https://go.cpanel.net/appconfig), Enable the “Allow apps that have not registered with AppConfig to be run when logged in as root or a reseller with the “all” ACL in WHM” option in “Tweak Settings”, or add permit_unregistered_apps_as_root=1 to the /var/cpanel/cpanel.config file, and run the /usr/local/cpanel/etc/init/startcpsrvd script.

    1. Hi! I’m sorry to see you are receiving that error in your WHM. If you are logged in as the root user, you can simply follow the instructions in the error log. Go to Tweak Settings in WHM, find the settings:

      “Allow apps that have not registered with AppConfig to be run when logged in as root with the “all” ACL in WHM”
      “Allow apps that have not registered with AppConfig to be run when logged in as a reseller with the “all” ACL in WHM”

      Enable them both and this should correct the error. If you do not have root access, you will need to reach out to the hosting provider to assist further. I hope this helps!

  4. When I click on Add IP link, I get the following error:

    ———-

    Internal Server Error

     

    500

     

    Could not find function Cpanel::LegacyLogin::generic_error! at /usr/local/cpanel/Cpanel/Server.pm line 1240.

    cpsrvd/11.62.0.17 Server at advanced1811.inmotionhosting.com

    ————–

     

  5. It was not instantaneous.  Took about 10 minutes.  I did contact support and they could fin no problems.   So it was resolved, but there is a lingering problem.

    thanks

  6. Tried to add local IP address to firewall.  APF stops but then hangs.   It never restarts. What do I do now?  

    1. It should be instant. If it keeps hanging, that is not normal behavior. In that case, you will want to contact the Live Support for additional assistance.

  7. “Network error: Connection timed out” when trying to connect with SSH. I have the R-1000S shared hosting reseller plan. Also the Add IP to Firewall” is not present to me, and I am logged in with root account!

    1. Since resellers do not have root access, you would not see the option. I’d suggest reaching out to support with your IP address so we can see what’s going on.

  8. The instruction to remove ip address from firewall is not working.

    I am not allowed to view /etc/apf/allow_hosts.rules from shell .

    1. Hello Asok,

      Thanks for the question and sorry for the problems with editing rule. The firewall rules can only be edited if you have root access to the server. If you are on a shared server account or VPS/Dedicated server account without root access, please contact our live support team via email/phone/chat. Make sure that you include the verification for your account (AMP password or last 4 digits of your credit card on the account). Describe your request and they will be able to finish it for you.

      I hope this helps to answer your question, please let us know if you require any further assistance.

      Regards,
      Arnel C.

  9. The “Add IP to Firewall” link is not present in the left-hand menu. I used to have it in the previous version of WHM, but since it was updated, I cannot find it.

    Would appreciate any help.

    1. Hello OG Solutions,

      The Add IP to Firewall solution should still be there, but will only be available if you’re logged in as a root admin. If you’re logged correctly and you still don’t see it, please submit a support ticket or contact live technical support for immediate assistance. If there is an issue with that feature, then it may require that senior systems personnel be involved in its resolution.

      If you wish for the issue to be investigated through the support center, we would need more information regarding your account.

      Kindest regards,
      Arnel C.

    1. The instructions are correct, however, on your particular server a setting needed to be adjusted. I have corrected it and you should now be able to follow these instructions.

  10. I recently left a comment about removing an IP address after adding it.

    To restart the firewall after making edits to “/etc/apf” I used the command:

    service apf restart

    as is listed in your “How To Open A Port in Your Firewall” doc.

  11. While following this guide, we wanted to know how to remove IPs that had already been added using the process above.

    The WHM documentation refers to a plugin, “ConfigServer & Firewall”, which was not installed by default in our managed VPS’s WHM.  According to IMH tech support, you can opt to install this WHM plugin yourself, or request that they do so (fees may apply).

    While looking into SSH options, we checked to see if we could edit entries in the “/etc/ips” file, as is described in:

    https://linuxadministrator.pro/blog/?p=400

    But that file was empty.  We also didn’t have access to the iptables command in our shell.  So… how could we manage these added entries via SSH?

    Tech support pointed us towards the “/etc/apf” file which contains a list of the IPs added via WHM’s “Add IP Address to Firewall”.  The ones we had added via WHM appeared at the end of the file, and we edited it accordingly.

    Be mindful that there other IP entries in there which should be left as is (eg: the InMotion Hosting section).

Was this article helpful? Join the conversation!