Some rules are removed from iptables firewall permanently




  • Avatar
    Julian Aubertin

    For Users of the Plesk Firewall (psa-firewall):

    disable apf service:

    systemctl stop apf
    systemctl disable apf

    and disable apf cron job:

    mv /etc/cron.daily/apf /etc/cron.daily/apf.disabled

    I had a hard time to find out why my iptables Ruleset gets wiped out on a daily basis and it was the apf cron job. This should be done by Plesk firewall install skripts in my opinion.

  • Avatar
    Alisa Kasyanova

    @Julian Aubertin

    Thank you for this resolution, I am sure other Pleskians will find it useful!

    As for the Plesk firewall script: APF is a third-party firewall, and Plesk cannot check whether the server has any third-party firewalls installed.

  • Avatar
    Julian Aubertin (Edited )

    I had this problem on a clean install. I searched the log and did never install apf-firewall. I am not sure where it came from. While searching for a solution it looked like that this problem ist popular and mostly solved by a workaround (when recognised). I worry about the Pleskians who not "iptables -L" and see that iptables gets wiped out and fail2ban got useless.

    The installscript of psa-firewall should do some check here.

  • Avatar
    Ivan Postnikov

    Hello @Julian,

    Thank you for sharing the idea, I have created a feature suggestion.

    Feel free to vote for it, popular suggestions are likely to be implemented

Please sign in to leave a comment.

Have more questions? Submit a request