Applicable to:
- Plesk for Linux
- Ubuntu 22.04
Symptoms
-
After updating Plesk to 18.0.67.3, Docker connections to external IPs got blocked
-
Ping from docker container to external IP doesn't work while internal IP does
-
The following docker package is installed on the server:
# dpkg-query --list |grep docker-ce
ii docker-ce 5:28.0.0-1~ubuntu.22.04~jammy arm64
ii docker-ce-cli 5:28.0.0-1~ubuntu.22.04~jammy arm64
Cause
This was identified as a bug with ID EXTPLESK-8001
In Docker version 28.0.0, Docker's networking setup appended rules directly to the FORWARD chain in iptables to the end after DROP
-A FORWARD -j DROP
-A FORWARD -i br-c5a345a92ad7 -j ACCEPT
-A FORWARD -i docker0 -j ACCEPT
-A FORWARD -i br-353937b03a8c -j ACCEPT
Resolution
This fix will be included in Plesk version 18.0.68 within Plesk Firewall extension.
Update Plesk to the latest build to fix this issue
Upgrade docker package to fixed 28.0.1 version
-
Connect to the server via SSH
-
Make sure docker new version is available:
# apt list --upgradable | grep docker
docker-ce-cli/jammy 5:28.0.1-1~ubuntu.22.04~jammy arm64 [upgradable from: 5:28.0.0-1~ubuntu.22.04~jammy]
docker-ce/jammy 5:28.0.1-1~ubuntu.22.04~jammy arm64 [upgradable from: 5:28.0.0-1~ubuntu.22.04~jammy]
docker-compose-plugin/jammy 2.33.1-1~ubuntu.22.04~jammy arm64 [upgradable from: 2.33.0-1~ubuntu.22.04~jammy] -
Update docker packages
# apt install --only-upgrade docker-ce docker-ce-cli docker-compose-plugin
-
Make sure docker version was updated:
# docker --version
Docker version 28.0.1, build 068a01e -
Re-create firewall rules via extension:
# plesk ext firewall --disable -auto-confirm-this-may-lock-me-out-of-the-server
# plesk ext firewall --enable -auto-confirm-this-may-lock-me-out-of-the-server
Warning: The containers will be restarted
Comments
0 comments
Please sign in to leave a comment.