Articles on: Managed VPS
This article is also available in:

Managing Firewall via DirectAdmin (Unblock, Block, Whitelist)

On your Managed VPS you can manage the firewall yourself through DirectAdmin. This lets you unblock an IP address, block unwanted traffic, whitelist trusted addresses or find out why an IP address has been blocked. The firewall runs on ConfigServer Security & Firewall (CSF) — a widely used solution for Linux servers.


This article applies to our Managed VPS plans with DirectAdmin. Firewall management is only available to the admin user of your server.



Opening the firewall


  1. Log in as user admin at https://mvm-clientnameX.srvnl.nl:2222. Replace mvm-clientnameX with the hostname of your own Managed VPS plan.
  2. In the left-hand menu, click Extra Features.
  3. Click ConfigServer Security & Firewall.


You're now in the firewall management interface. Under the csf - Quick Actions section you'll find the fields for unblocking, whitelisting and blocking.


Don't know your hostname? Log in to My xYnta and review your VPS details, or see the article How can I find the server name of my hosting package?.


CSF firewall interface in DirectAdmin


Performing firewall actions


Under csf - Quick Actions you'll find three fields for the most common actions. Enter the IP address in the correct field and click the corresponding button:


Action

When to use it?

Field / button

Unblock IP address

An IP address has been blocked by mistake — for example after too many failed login attempts.

Enter the IP address next to Quick Unblock and click Quick Unblock.

Whitelist IP address

You want a trusted IP address to never be blocked — for example your office or regular work location.

Enter the IP address in the green field and click Quick Allow.

Block IP address

You want to permanently block a suspicious or malicious IP address.

Enter the IP address in the red field and click Quick Deny.


Never block your own IP address (Quick Deny) — you'll lock yourself out of your own server. Don't know your IP address? You can find it at xynta.com/ip. Locked out despite this warning? Contact us via our outage line — we can restore your access from our side.


Finding the reason for an IP block


If an IP address is blocked and you want to know why, CSF shows the cause in its log entries.


  1. Open the firewall management as described under Opening the firewall.
  2. Under csf - ConfigServer Firewall, enter the IP address next to Search for IP.
  3. Click Search for IP.


If the IP address is blocked, you'll see the reason in the last line. For example:


csf.deny: xx.xx.xx.xx # lfd: (smtpauth) Failed SMTP AUTH login from xx.xx.xx.xx (NL/Netherlands/-): 5 in the last 3600 secs - Fri Apr 22 13:03:22 2022


In this example, the IP address was blocked after 5 failed SMTP login attempts within an hour — a typical sign of a brute-force attack.


Common reasons for automatic blocks are:


  • smtpauth — failed email login attempts.
  • sshd — failed SSH login attempts.
  • mod_security — suspicious web traffic (for example SQL injection attempts).
  • portscan — detection of a port scan.


Need help?


Don't understand the reason for a block, or can't figure it out yourself? Feel free to get in touch — we're happy to explain why an IP address has been blocked and how to prevent it in the future.

Updated on: 19/04/2026

Was this article helpful?

Share your feedback

Cancel

Thank you!