Firewall Viewer
/admin/iptables shows the live firewall ruleset for your tenant. It is a read-only view: you can see exactly which addresses are currently blocked at the network level and why. To add or remove a block, use the IP Bans page (see below).
For managing bans and whitelists, see IP Bans & Security.
Page anatomy
The page has three zones:
| Zone | What it shows |
|---|---|
| Stat strip | Live counts: active blocks, whitelisted addresses, recent activity |
| Filter chips | One-click filters by type and source |
| Table | Every active firewall rule, with a sticky header as you scroll |
The page looks correct on both light and dark themes.
Stat strip
A row of live counters:
- Active blocks. Addresses currently blocked.
- Whitelisted. Addresses that are never auto-blocked.
- Recent activity. New blocks added in the last 24 hours.
Each counter clicks through to a filtered view of the table.
Filter chips
A row of chips below the stat strip. Click a chip to filter the table; click again to clear. Multiple chips stack.
- Type: Block, Whitelist
- Source: Manual or automatic
- Age: Last hour, Last 24h, Last 7d, All time
The filter is reflected in the URL, so you can share a filtered view.
Table
A single sticky-header table. Columns:
| Column | Notes |
|---|---|
| IP | Click to copy |
| CIDR | If the entry is a range, the network mask |
| Type | Block or Whitelist |
| Source | Manual or automatic |
| Reason | Free text or rule reference |
| Added | Time ago, full timestamp on hover |
| Expires | When the block auto-lifts (blank for permanent) |
Click any column header to sort.
Adding and removing blocks
Adding a block, adding a whitelist, and lifting a block all happen on the IP Bans page, not here. This viewer is read-only by design, so a glance at the firewall can never change it. Open IP Bans & Security to make changes.
How current the view is
The view can be up to about a minute behind the live ruleset. If you just added or lifted a block on the IP Bans page and don't see it reflected here yet, give it a minute or refresh.
If the view shows a stale-data warning that persists for more than a few minutes, open a ticket with [email protected] and we'll look into it.
Blocks you did not add
Some addresses are blocked automatically when they show clear signs of abuse, such as brute-force login attempts or known attack patterns. These appear in the table with their Source set to automatic and a short reason.
If you think an automatic block caught a real member by mistake, lift it and add a whitelist for their address on the IP Bans page. Whitelisted addresses are never auto-blocked.
Mobile
The page is fully responsive. On narrow screens the stat strip stacks, the filter chips wrap, and the table switches to a card layout with key fields stacked.
Access
Requires the Tenant Super Admin role. This page is view-only.
Common scenarios
"I accidentally blocked my own address and now I cannot log in."
Get back in from a different network (cell data or a VPN), open the IP Bans page, find your address, and lift the block. If you have no second device, email [email protected] with the timestamp of when you locked yourself out, and we can clear it.
"I see a block I do not understand."
Check the Source and Reason columns. If the source is automatic, the address matched an abuse pattern. You can lift it from the IP Bans page without needing to know the original trigger. Worth flagging recurring patterns to support so we can tune them.
"I need to block a whole range."
Use CIDR notation on the IP Bans page. For example, 198.51.100.0/24 covers all 256 addresses in that range. Very broad ranges are clamped to avoid accidentally blocking a large provider's whole address space.
When to escalate
Open a ticket with [email protected] if:
- The stale-data warning stays up for more than 10 minutes
- An address you lifted is still being blocked after a couple of minutes
- You're seeing a surge of automatic blocks during a busy event and the traffic looks legitimate
Support can tune the automatic block thresholds and clear stuck states for you.
## Firewall Viewer `/admin/iptables` shows the live firewall ruleset for your tenant. It is a read-only view: you can see exactly which addresses are currently blocked at the network level and why. To add or remove a block, use the IP Bans page (see below). For managing bans and whitelists, see [IP Bans & Security](/know/ip-bans-and-security). --- ## Page anatomy The page has three zones: | Zone | What it shows | |---|---| | Stat strip | Live counts: active blocks, whitelisted addresses, recent activity | | Filter chips | One-click filters by type and source | | Table | Every active firewall rule, with a sticky header as you scroll | The page looks correct on both light and dark themes. --- ## Stat strip A row of live counters: - **Active blocks.** Addresses currently blocked. - **Whitelisted.** Addresses that are never auto-blocked. - **Recent activity.** New blocks added in the last 24 hours. Each counter clicks through to a filtered view of the table. --- ## Filter chips A row of chips below the stat strip. Click a chip to filter the table; click again to clear. Multiple chips stack. - **Type:** Block, Whitelist - **Source:** Manual or automatic - **Age:** Last hour, Last 24h, Last 7d, All time The filter is reflected in the URL, so you can share a filtered view. --- ## Table A single sticky-header table. Columns: | Column | Notes | |---|---| | IP | Click to copy | | CIDR | If the entry is a range, the network mask | | Type | Block or Whitelist | | Source | Manual or automatic | | Reason | Free text or rule reference | | Added | Time ago, full timestamp on hover | | Expires | When the block auto-lifts (blank for permanent) | Click any column header to sort. --- ## Adding and removing blocks Adding a block, adding a whitelist, and lifting a block all happen on the **IP Bans** page, not here. This viewer is read-only by design, so a glance at the firewall can never change it. Open [IP Bans & Security](/know/ip-bans-and-security) to make changes. --- ## How current the view is The view can be up to about a minute behind the live ruleset. If you just added or lifted a block on the IP Bans page and don't see it reflected here yet, give it a minute or refresh. If the view shows a stale-data warning that persists for more than a few minutes, open a ticket with [[email protected]](mailto:[email protected]) and we'll look into it. --- ## Blocks you did not add Some addresses are blocked automatically when they show clear signs of abuse, such as brute-force login attempts or known attack patterns. These appear in the table with their **Source** set to automatic and a short reason. If you think an automatic block caught a real member by mistake, lift it and add a whitelist for their address on the IP Bans page. Whitelisted addresses are never auto-blocked. --- ## Mobile The page is fully responsive. On narrow screens the stat strip stacks, the filter chips wrap, and the table switches to a card layout with key fields stacked. --- ## Access Requires the Tenant Super Admin role. This page is view-only. --- ## Common scenarios **"I accidentally blocked my own address and now I cannot log in."** Get back in from a different network (cell data or a VPN), open the IP Bans page, find your address, and lift the block. If you have no second device, email [email protected] with the timestamp of when you locked yourself out, and we can clear it. **"I see a block I do not understand."** Check the **Source** and **Reason** columns. If the source is automatic, the address matched an abuse pattern. You can lift it from the IP Bans page without needing to know the original trigger. Worth flagging recurring patterns to support so we can tune them. **"I need to block a whole range."** Use CIDR notation on the IP Bans page. For example, `198.51.100.0/24` covers all 256 addresses in that range. Very broad ranges are clamped to avoid accidentally blocking a large provider's whole address space. --- ## When to escalate Open a ticket with [[email protected]](mailto:[email protected]) if: - The stale-data warning stays up for more than 10 minutes - An address you lifted is still being blocked after a couple of minutes - You're seeing a surge of automatic blocks during a busy event and the traffic looks legitimate Support can tune the automatic block thresholds and clear stuck states for you.
