Merge pull request #176 from annkots/master

TCR-828

Author: annkots

docs/dashboard/README.md

@@ -286,13 +286,17 @@ sed -ri "s/^(cmd=.*)$/\1--scan-archive/g" /etc/minidaemon/minidaemon-aibolit.cfg
 ## Firewall
 
 
-Tne <span class="notranslate">_All Lists_</span> tab allows viewing and managing the IP addresses in the following lists (listed by priority):
+The <span class="notranslate">_All Lists_</span> tab allows viewing and managing the IP addresses in the following lists (listed by priority):
 
 * <span class="notranslate">White</span> - the IP will not be blocked
 * <span class="notranslate">Drop/Black</span> - the IP will be blocked everywhere, on all ports and services
 * <span class="notranslate">Greylist</span> - the IP will be blocked completely on non-web ports (SSH, FTP, etc.), and will be shown Anti-Bot Challenge on web ports (80, 443, hosting panel ports)
 * <span class="notranslate">Anti-Bot Challenge</span> - the IP will be shown Anti-Bot challenge on web ports, and will not be blocked on others
 
+:::tip Note
+Blocked ports restrictions are enforced separately from IP list decisions. If you need a whitelisted IP/subnet to access a restricted port, allow it explicitly in [**Firewall → Ports**](/dashboard/#ports) by adding it to the [port’s allowlist](/dashboard/#edit-ports-in-the-blocked-ports-list), or grant **Full Access**.
+:::
+
 The counters for the lists are presented at the top of the table, reflecting the number of records matching the category.
 
 ![](/images/Firewall.png)

docs/features/README.md

@@ -45,6 +45,16 @@ Starting with imunify360-firewall-8.2.0 all IP lists are applied automatically.
 Specifying IPs in those files will not prevent Imunify from adding the same IPs to dynamic lists (like Grey list), but all White lists always have the priority over Black lists when it comes to actual filtering of requests/packages.
 :::
 
+:::warning Note
+Adding an IP/subnet to the external **White List** affects only IP-based firewall decisions. It **does not override** the **Blocked ports** policy.
+
+If a port is restricted in **Blocked ports**, the port may remain inaccessible even for whitelisted IPs/subnets. To allow access, you must explicitly whitelist the IP/subnet for that specific port via:
+- [**🔗 GUI**](/dashboard/#edit-ports-in-the-blocked-ports-list)
+- [**🔗 CLI**](/command_line_interface/#blocked-ports)
+
+See also: [“IP whitelisting/port blocking precedence”](/faq_and_known_issues/#ip-whitelisting-port-blocking-precedence) in FAQ & Known Issues.
+:::
+
 
 ## Global Ignore List