A healthy-looking GUI can hide disabled network enforcement. CLI is the source of truth for cPGuard firewall state.
Diagnostic sequence
cpgcli status
cpgcli fw --status
iptables -S | head
nft list ruleset | headSafe enablement
cpgcli ip --allow 203.0.113.10 --reason "Admin access"
cpgcli fw --enable
cpgcli fw --statusOperational checks
cpgcli ip --temp-ban --list
cpgcli waf --watchFinal takeaway
Always trust CLI state, enable firewall with pre-allowlist, and keep evidence of before/after state in incident records.
This post is licensed under CC BY-NC.
Comments
Join the discussion below.
Comments are not configured yet. Add Cusdis settings in /assets/json/config/blog-comments-config.json.