Articles in this section

See more

How to manage firewall rules on a Plesk for Linux server

Avatar
Kuzma Ivanov
Updated
Follow

Applicable to:

  • Plesk for Linux

Question

How to manage firewall rules on a Plesk for Linux server?

Answer

Note: If Plesk Firewall is not installed, install it according to this KB article.

 

Managing firewall rules via Plesk interface

Go to Tools & Settings > Firewall > click Enable Firewall Rules Management > Enable. All predefined bu Plesk rules that are required for Plesk functionality will be enabled.

Note: If a custom SSH port is used, after enabling Plesk Firewall it is required to add a rule for this custom SSH port to allow connections. See the instructions below.


Screenshot_2018-10-10_Plesk_Onyx_17_8_11_4_.png

To enable/disable/modify firewall rules, click Modify Plesk Firewall Rules.


Screenshot_2018-10-10_Plesk_Onyx_17_8_11.png

Below is an example of adding a rule that will allow connections to custom SSH port 2222.

  1. Click Add Custom Rule.


    Screenshot_2018-10-10_Plesk_Onyx_17_8_11_1_.png

  2. Fill in the fields and click OK:

    • Name of the rule: Custom SSH port
    • Match direction: Incoming
    • Action: Allow
    • Ports: TCP 2222
    • Sources: Specify IP addresses from which SSH connections will be allowed. In this example, SSH connections to a custom port are allowed from 203.0.113.2.


    Screenshot_2018-10-10_Plesk_Onyx_17_8_11_2_.png

  3. Click Apply Changes.


    Screenshot_2018-10-10_Plesk_Onyx_17_8_11_3_.png

 

Managing firewall rules via SSH connection

  1. Connect to a Plesk server via SSH.

  2. Run the commands below to add rules to the firewall configuration. Below is an example of adding rules to allow/forbid ports 8443 and 8880:

    For SystemV-based OSes and SystemD where firewalld is disabled

    • To allow connections to ports:

      # iptables -I INPUT -p tcp --dport 8443 -m state --state NEW -j ACCEPT
      # iptables -I INPUT -p tcp --dport 8880 -m state --state NEW -j ACCEPT

    • To forbid connections to ports:

      # iptables -I INPUT -p tcp -s 203.0.113.2 --dport 8443 -j DROP
      # iptables -I INPUT -p tcp -s 203.0.113.2 --dport 8880 -j DROP

    • To save the changes, run:

      # service iptables save

    Note: If it does not work for your OS, try the next one.

     

    For SystemD-based OSes where firewalld is enabled

    • To allow connections to ports:

      # firewall-cmd --zone=public --permanent --add-port=8443/tcp
      # firewall-cmd --zone=public --permanent --add-port=8880/tcp

    • To forbid connections to ports:

      # firewall-cmd --zone=public --permanent source address='203.0.113.2' port protocol='tcp' port='8880' reject
      # firewall-cmd --zone=public --permanent source address='203.0.113.2' port protocol='tcp' port='8443' reject

    • To save the changes, run:

      # firewall-cmd --reload

 

Additional Information

Comments

3 comments

Sort by Date Votes
  • Avatar
    Sales

    Is it not possible to disable only 1 firewall rule?

    I have a large amount of blocked spammers ip's but recently switched to a paid DNSBL and would like to just deactivate the 1 rule for testing.

    0
    Permalink
  • Avatar
    Ivan Postnikov

    Hi @Sales,

    It's possible to delete the rule.

    To go Tools&Settings > FIrewall > Modify Plesk Firewall Rules, select the required rule and click Delete:

    Here is a short demonstration:

    https://cl.ly/3109cb028117

    0
    Permalink
  • Avatar
    Sales

    Yes that is possible to delete but not disable. I was looking for a way to deactivate 1 rule temporarily for testing. Because it contains 300+ IP's I would have to add it back 1 ip at a time.  

    I made an extension that allows me to export the rules and then re import for testing.

    Thanks.

    0
    Permalink

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles