Plesk 11 Set firewall rules manually
The actual configuration files for the firewall under Plesk are in the
/usr/local/psa/var/modules/firewall/
directory and in particularly in the
firewall-active.sh
script
make your changes in there and then restart the firewall through
/etc/init.d/psa-firewall restart
BUT these changes are not reflected in the web interface so if you change anything in those files you cannot not use the web interface to check the firewall.
Also I have the impression that even accessing the web interface of the firewall it will rewrite your handwritten rules even though you don't do any changes but I am not 100% certain on that.
Do a iptables -L or similar to see the state of your applied rules
Related videos on Youtube
Marm
Updated on September 18, 2022Comments
-
Marm almost 2 years
I have a big spamming problem on my site from ip addresses coming from Asia. My website is designed for people in France and Canada, so I want to block all ip addresses from Asia to avoid spam. I found a list of about 1400 ip range and I want to create a rule in Plesk firewall that blocks all these ips.
The plesk interface allows me to enter ip addresses one by one, but is there a way to add a list in bulk?
I changed the database entry corresponding to my rule in module_firewall_rules table.
When I click on the firewall link in plesk, I see all my ip addresse. But when I click on "Edit Firewall Configuration", I just see the one I enter when I've created the rule. So when I click on apply, there's only this address in the rule and the database is overwritten.
So, is there a way to generate the firewall-active.sh with the database record manually?
If not, is there a way to bulk insert ip addresses to a firewall rule?
-
HopelessN00b over 9 yearsAdministration panels are off topic. Even the presence of an administration panel on a system, because they take over the systems in strange and non-standard ways, making it difficult or even impossible for actual system administrators to manage the servers normally, and tend to indicate low-quality questions from users with insufficient knowledge for this site.
-
-
Marm over 11 yearsThanks a lot. I've tried to change this file manually and then restart the firewall using the web interface, and the file was rewritten to fit the web interface. I will try to restart the firewall in command line. But plesk must store the web interface config somewhere? There is no way to change the config there so the web interface will match the file?
-
thanosk over 11 yearsFrom my understanding no. The web interface saves its config in db and xml files but it does not support that kind of firewall rule. Also when you restart the firewall from the web interface it also resets the saved configuration. Just edit the file and use the command line to restart it. Automated graphical tools like Plesk are nice and quite helpful but they do have their obvious shortcomings.