Plesk for Linux
ABT: Group A
How to manage local firewall rules using Plesk Firewall in Plesk for Linux?
Note: If Plesk Firewall is not installed, install it using the steps from this KB article.
Note: Before enabling Plesk Firewall, disable firewalld via SSH if it is installed:
# systemctl stop firewalld && systemctl disable firewalld
In Plesk, go to Tools & Settings > Firewall > click Enable Firewall Rules Management > Enable. All predefined by Plesk rules that are required for Plesk functionality will be enabled.
Note: If a custom SSH port is used, after enabling Plesk Firewall it is required to add a rule for this custom SSH port to allow SSH connections. See the instructions below.
To add/remove/modify firewall rules, click Modify Plesk Firewall Rules.
Adding a custom rule in Plesk Firewall
Below is an example of adding a rule that will allow connections to custom SSH port 2222.
Click Add Custom Rule.
Fill in the fields and click OK:
- Name of the rule: Custom SSH port
- Match direction: Incoming
- Action: Allow
- Ports: TCP 2222
- Sources: Specify IP addresses from which SSH connections will be allowed. In this example, SSH connections to a custom port are allowed from 203.0.113.2.
Click Apply Changes.
Managing firewall rules via a command-line interface
/usr/local/psa/bin/modules/firewall/settings utility to manage Plesk Firewall in a command-line interface.
For a complete list of available options, run this help command:
# /usr/local/psa/bin/modules/firewall/settings --help
Below is an example of enabling Plesk Firewall:
- Connect to a Plesk server via SSH in 2 separate SSH windows.
On the SSH windows A, enable the firewall:
# /usr/local/psa/bin/modules/firewall/settings -e
On the SSH window B, confirm the changes within 60 seconds:
# /usr/local/psa/bin/modules/firewall/settings --confirm
All predefined by Plesk rules that are required for Plesk functionality will be enabled.
Below is an example of adding a new rule with the name "My rule" which will deny incoming connections from 203.0.113.2 on ports 2222/tcp, 2222/udp:
Connect to a Plesk server via SSH in 2 separate SSH windows.
On the SSH window A, create a new rule and apply it:
# /usr/local/psa/bin/modules/firewall/settings -s -name 'My rule' -direction input -action deny -ports '2222/tcp,2222/udp' -remote-addresses "203.0.113.2"
# /usr/local/psa/bin/modules/firewall/settings -a
Back to the SSH window B, confirm the changes within 60 seconds:
# /usr/local/psa/bin/modules/firewall/settings -c