How to Add Host Access Control rules via command line in AlmaLinux 8 and CloudLinux 8

Introduction

Customers who wish to manage their Host Access Control rules from the command line in AlmaLinux must manage the rules with the nft command itself.

Procedure

There are 3 important commands to remember throughout the process.

nft -a list chain inet filter cPanel-HostAccessControl
nft add rule inet filter cPanel-HostAccessControl
nft delete rule inet filter cPanel-HostAccessControl handle <handle_number>

To see what cPanel/WHM has added through the Host Access Control system, run the following command. It is also how you obtain the "handle" number needed to remove a rule (covered later in this article).

nft -a list chain inet filter cPanel-HostAccessControl

 

To add a new rule that allows traffic from an address, use the following. The example below allows new TCP connections from IP address 1.2.3.4 to port number 2087.

nft add rule inet filter cPanel-HostAccessControl ip saddr 1.2.3.4 ct state new tcp dport 2087 counter packets 0 bytes 0 accept

 

To remove a rule, first list the chain to obtain the rule's "handle":

nft -a list chain inet filter cPanel-HostAccessControl

The handle is shown in the comment at the end of each rule. In the example output below, the rule's handle is 42 (handle 4 belongs to the chain itself):

nft -a list chain inet filter cPanel-HostAccessControl
table inet filter {
    chain cPanel-HostAccessControl { # handle 4
        ip saddr 1.2.3.4 ct state new udp dport 2087 counter packets 0 bytes 0 accept # handle 42
    }
}

And then remove the rule with the following command.

nft delete rule inet filter cPanel-HostAccessControl handle <handle_number>
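
The lookup-then-delete steps above can be scripted so the handle is never copied by hand and the chain's own handle is never mistaken for a rule's. This is an added example, not cPanel's own code; the function names hac_rule_handles and hac_delete_rule and the extra 11.2.3.45 rule in the sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: resolve a Host Access Control rule's handle from
# `nft -a list chain` output, then delete the rule by that handle.

CHAIN="cPanel-HostAccessControl"

# Constructed sample listing, modelled on the output shown above, with one
# extra rule (11.2.3.45, handle 41) to show that address matching is exact.
SAMPLE_LISTING='table inet filter {
    chain cPanel-HostAccessControl { # handle 4
        ip saddr 11.2.3.45 ct state new tcp dport 2087 counter packets 0 bytes 0 accept # handle 41
        ip saddr 1.2.3.4 ct state new udp dport 2087 counter packets 0 bytes 0 accept # handle 42
    }
}'

# hac_rule_handles <ip> <proto> <port>   (hypothetical helper)
# Reads a chain listing on stdin and prints the handle of every rule whose
# source address, protocol and destination port all match exactly.
# The chain header line has a handle but no saddr, so it never matches.
hac_rule_handles() {
    awk -v ip="$1" -v proto="$2" -v port="$3" '
        {
            src = ""; dport = ""; l4 = ""; handle = ""
            for (i = 1; i < NF; i++) {
                if ($i == "saddr") src = $(i + 1)
                if ($i == "dport") { dport = $(i + 1); l4 = $(i - 1) }
                if ($i == "handle" && $(i - 1) == "#") handle = $(i + 1)
            }
            if (src == ip && l4 == proto && dport == port && handle != "")
                print handle
        }'
}

# hac_delete_rule <ip> <proto> <port>   (hypothetical helper)
# Looks up matching handles on the live chain and deletes each rule.
# Needs root and nft; refuses to act when nothing matches.
hac_delete_rule() {
    handles=$(nft -a list chain inet filter "$CHAIN" | hac_rule_handles "$@")
    [ -n "$handles" ] || { echo "no matching rule in $CHAIN" >&2; return 1; }
    for h in $handles; do
        nft delete rule inet filter "$CHAIN" handle "$h"
    done
}

# Demo on the constructed listing only; this does not touch the firewall.
printf '%s\n' "$SAMPLE_LISTING" | hac_rule_handles 1.2.3.4 udp 2087
```

Only hac_delete_rule changes the live ruleset; run hac_rule_handles against the real listing first to confirm which handles it would remove.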

For more information, we recommend reviewing the following Red Hat documentation on how to properly manage nftables rules.

RedHat NFTables Documentation

