Plesk Firewall can't be enabled on Virtuozzo/OpenVZ container: Did not receive a matching activation token before confirmation timeout:

Symptoms

• Attempts to enable the Plesk firewall fail.
• Plesk runs on a Virtuozzo/OpenVZ container
• Errors like the following can be found in Plesk log (/var/log/plesk/panel.log):

DEBUG [extension/firewall] [65e9741b4beb1] Finished in 0.09717s, Error code: 1, stdout: Too late to confirm: new rules were rolled back, stderr:
ERR [panel] Long task executor: id=367 completed with error: Did not receive a matching activation token before confirmation timeout:

Cause

The conntracc module required by Netfilter (IP Tables) is disabled on the OpenVZ side (default behavior).

Resolution

Enable connection tracking on Virtuozzo/OpenVZ side with the following command:

# prlctl set [container_name] --netfilter full

Note: This operation is meant to be done on the hypervisor side. If you don't have access to it, contact the technical support of your hosting provider.