Submit a request

Technical question Licensing question
Sign in

How to manage Plesk extensions (install, disable, remove, update)
Plesk PHP handler is missing from Admin and Domains PHP Settings after installation
Performance Booster fails to be enabled for Pleks hosted domain: "gzip" directive is duplicate
Plesk Firewall can not be enabled in Plesk 18.0.52 and newer: I did not receive connectivity confirmation after applying new firewall configuration
Error in DigitalOcean DNS extension in Plesk after updating it to version 1.3.9: Call to a member function get HeaderLine() on null
Plesk Monitoring returns: An unexpected error occurred
Acronis Backup extension in Plesk can not perfrom some operations: Declaration of Modules_AcronisBackup_OperationsListAdapter::count() must be compatible with CommonPanel_View_List_Paginator_Array::count(): int
System updates ca not be installed in Plesk due to Imunify repositories: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY
Unable to install/update APS application in Plesk: Unable to change current directory
Unable to issue or reissue a Let's Encrypt Certificate: Certificate location not specified in response

See more

Plesk Firewall can not be enabled in Plesk 18.0.52 and newer: I did not receive connectivity confirmation after applying new firewall configuration

Gabriel Aznarez

Updated May 25, 2023 18:31

Plesk for Linux kb: technical

Symptoms

Plesk Firewall can not be enabled with one of the following errors:

PLESK_ERROR: The firewall configuration has failed.
I did not receive connectivity confirmation after applying new firewall configuration, then same happened after I reverted to previous configuration. This means that both new and previous configurations were bad. Emergency rollback to the configuration without rules was performed. Firewall is now disabled. Fix your rules and try again.

PLESK_ERROR: The firewall configuration has failed.
Command '['/usr/local/psa/var/modules/firewall/firewall-emergency.sh']' timed out after 5 seconds
In some cases nginx restarts for quite a long time, for example:

# time plesk sbin pleskrc nginx try-restart
real 0m12.762s
user 0m0.076s
sys 0m0.052s
Or Iptables is operating slow and cause the following command to take long time:

# time /usr/local/psa/var/modules/firewall/firewall-new.sh
real 0m25,584s
user 0m0,294s
sys 0m0,858s

Cause

Product issue:

#EXTPLESK-4587 "Firewall may fail to apply configuration if nginx restart takes too much time"
Fixed in:
- Firewall 2.0.2 4 May 2023

Resolution

Update the Plesk Firewall extension to the version 2.0.2 or higher.
Extend the confirmation timeout by adding the following lines to the end of panel.ini file with this instructions:

CONFIG_TEXT: [ext-firewall]
confirmTimeout = 15 ; the timeout in seconds before the configuration is rolled back
confirmTimeoutCli = 60 ; the timeout in seconds for the --confirm CLI command

Workaround

If an update is not possible for some reason try the following workaround:

workaround

Connect to the server via SSH.
Edit the file /usr/local/psa/admin/sbin/modules/firewall/rules and set DEFAULT_CONFIRM_INTERVAL to 30:

# grep DEFAULT_CONFIRM_INTERVAL /usr/local/psa/admin/sbin/modules/firewall/rules
DEFAULT_CONFIRM_INTERVAL = 30

Comments

3 comments

Peter Kielbasiewicy May 16, 2023 15:03

My extensions are set to automatic update and all my extensions are shown up-to-date but the problem still exists.

1

Comment actions Permalink
Peter Kielbasiewicy May 16, 2023 15:08

After I tried to run a very simple change to my firewall config my server stalled and it is now not accessible anymore (neither from the web GUI nor from SSH).

What is going on here?

Please supply a fix for this problem immediately

1

Comment actions Permalink
Unknown User May 25, 2023 13:30
After this last update, When I modify and apply changes I get "Load Failed" and then a "Failed to apple the firewall configuration." error. With the details of:
- I did not receive connectivity confirmation after applying new firewall configuration, then same happened after I reverted to previous configuration. This means that both new and previous configurations were bad. Emergency rollback to configuration without rules was performed. Firewall is now disabled. Fix your rules and try again."
1

Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request