What Does "Flush All Blocks" Do?

ConfigServer Security & Firewall (CSF) maintains a block list of IP addresses that have been banned — either manually by you or automatically by features like LFD (Login Failure Daemon) and country blocking. The Flush All Blocks action removes all temporarily blocked IPs from the firewall rules, effectively unblocking every currently banned IP address. This is useful when an overzealous block rule has locked out legitimate traffic, or when you want to start with a clean slate.

Steps to Flush All Blocks

  1. Log in to WHM as the root user.
  2. Navigate to Home » Plugins » ConfigServer Security & Firewall.
  3. Find the csf – ConfigServer Firewall section on the main page.
  4. Locate the Flush All Blocks button.
  5. Click Flush All Blocks.
  6. CSF will remove all temporary blocks and reload the firewall rules.

Important Notes

  • Flush All Blocks removes temporary blocks that were added by LFD (Login Failure Daemon) from csf.deny. Manually added permanent deny entries are not affected.deny). It does not remove IPs that you have permanently added to the deny list via the Quick Deny or Firewall Deny IPs options.
  • If LFD (Login Failure Daemon) is running, blocked IPs may be re-added quickly if the source of the failed login attempts is still active. Consider temporarily disabling LFD or adding the IP to the allow list if needed.
  • This action takes effect immediately.
  • Use this option with caution — you are unblocking all currently banned IPs, including potentially malicious ones.

When to Use Flush All Blocks

  • A mass block event occurred (e.g., a misconfigured script triggered LFD to ban many legitimate users).
  • You've updated your block rules and want to clear the old temporary entries.
  • You're troubleshooting connectivity issues and need to rule out firewall blocks.

Troubleshooting

  • IPs get re-blocked immediately: LFD is likely still detecting the offending activity. Check /var/log/lfd.log for details, and add the legitimate IP to csf.allow if needed.
  • Can't find CSF in WHM: ConfigServer Security & Firewall is a third-party plugin. If not installed, see the ConfigServer documentation for installation instructions.
  • CSF page shows errors: Ensure iptables modules are loaded and CSF testing mode is disabled in /etc/csf/csf.conf.

For more information, see the ConfigServer Firewall documentation.

Was this answer helpful? 0 Users Found This Useful (0 Votes)

Most Popular Articles

How to set Default maximum email quota for new packages via WHM?

The Default maximum email quota for new packages setting in WHM controls the maximum email...
How to set Default disk usage quota for new packages via WHM?

The Default disk usage quota for new packages setting in WHM lets you define a default disk space...
How to set Default bandwidth limit for new packages via WHM?

When you create a new hosting package in WHM, cPanel uses a default bandwidth limit if you don't...
How to change cPanel PHP max POST size via WHM?

The cPanel PHP max POST size setting controls the maximum size of HTTP POST requests that...
How to change cPanel PHP max upload size via WHM?

What is the cPanel PHP Max Upload Size? The cPanel PHP max upload size setting controls the...