Server Firewall & WAF Built Into Your Panel
Manage firewalld rules, ModSecurity WAF with OWASP rules, SSH hardening, and brute force protection — all from a single CyberPanel dashboard. No terminal required.
Firewall & Security
Three Layers of Server Protection
Network firewall, web application firewall, and SSH hardening — managed through one interface.
Firewalld Rule Management
Add, delete, and manage firewall rules through the GUI. Each rule creates IPv4 and IPv6 rich rules with automatic reload.
- TCP/UDP port rules with IP filtering
- Both IPv4 and IPv6 rich rules
- Start, stop, reload firewalld
- Rules persist in DB + firewalld
ModSecurity WAF
Web Application Firewall with OWASP and Comodo rule packs. Protects against SQL injection, XSS, RCE, and OWASP Top 10 attacks.
- OWASP Core Rule Set 3.0
- Comodo ModSecurity Rules
- Custom rules editor
- Per-file rule enable/disable
SSH Hardening
Change SSH port, disable root password login, and manage SSH keys — all from the panel. Firewall rules update automatically.
- Custom SSH port configuration
- Root login enable/disable
- SSH public key management
- SELinux port label auto-update
Brute Force Protection
Automatic blocking of brute force attacks on SSH, FTP, SMTP, POP3, and IMAP with configurable thresholds and block durations.
- SSH, FTP, SMTP, POP3, IMAP
- Configurable failure thresholds
- Timed IP blocking (30 min default)
- ModSecurity trigger integration
Imunify360 & ImunifyAV
One-click installation and integrated dashboard for Imunify360 advanced security suite and ImunifyAV antivirus scanning.
- Imunify360 proactive defense
- ImunifyAV malware scanning
- Integrated panel dashboard
- License key activation
Plugin Hook System
30 Django signals fire on every firewall operation — pre and post hooks for add, delete, start, stop, reload, and all security actions.
- 30 pre/post operation signals
- Third-party plugin extensibility
- Custom security integrations
- Event-driven architecture
ModSecurity with OWASP & Comodo Rules
CyberPanel installs ModSecurity with verified, checksum-matched binaries for OpenLiteSpeed. Choose OWASP Core Rule Set 3.0 or Comodo rules — or write your own custom rules in the built-in editor.
Every Layer, One Dashboard
Network rules, application firewall, SSH keys, and brute force protection — managed without a terminal.
Network Layer — Firewalld
IPv4 + IPv6 rich rules with per-IP port control. Rules saved to both the database and firewalld permanent config for persistence across reboots.
Application Layer — ModSecurity
WAF rules inspect every HTTP request before it reaches your application. OWASP CRS blocks the top 10 web attack categories automatically.
Access Layer — SSH Hardening
Change the SSH port, disable root password login, and manage authorized keys. Firewall rules and SELinux labels update automatically.
Brute Force — Auto Block
Failed SSH, FTP, SMTP, POP3, and IMAP logins trigger automatic 30-minute IP blocks. Configurable thresholds for each service.
Audit Logging
ModSecurity audit engine records every blocked request with full details — client IP, request payload, matched rule, and action taken.
LiteSpeed Enterprise Config
Direct editor for LiteSpeed Enterprise pre_main_global.conf. Fine-tune server-level security settings without SSH access.
Secure Your Server in Minutes
Firewalld rules, ModSecurity WAF, and SSH hardening are included free in every CyberPanel installation. No add-ons required.