How to block an IP address in Plesk Firewall

Follow

Comments

8 comments

  • Avatar
    Peter Kielbasiewicz

    I have blocked some IPs according to the given recipe but they still show up in mail.log on my Ubuntu 16LTS server.

    iptables -L -n | grep DROP shows the banned IP but in mail.log I still see lines like this:

    Oct 7 08:29:10 h2731456 postfix/smtpd[15954]: connect from unknown[89.248.162.145]
    Oct 7 08:29:10 h2731456 plesk_saslauthd[15957]: failed mail authentication attempt for user 'support@stratoserver.net' (password len=7)

     

    0
    Comment actions Permalink
  • Avatar
    Taras Ermoshin

    @Peter Kielbasiewicz Hello!

    Make sure that all TCP ports used by SMTP - 25, 465, 587 - are added in the Ports section of the rule.

    Also, consider using Fail2Ban to protect from brute force attacks (there is already "plesk-postfix" jail in the Fail2Ban shipped with Plesk).

    0
    Comment actions Permalink
  • Avatar
    Karl May

    Here you should also find how to block parts of an IP-Range like 1.2.0.0/16. A ip subnet calculator would be nice ;)

    1
    Comment actions Permalink
  • Avatar
    Luis Zubeldia

    is posible to block ip ranges?

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello Luis Zubeldia

    Please, vote for this functionality to be added in upcoming updates here.

    0
    Comment actions Permalink
  • Avatar
    Peter Kielbasiewicz

    I think you cannot block an IP range with a fromAddress - to Address construct but you can easily block a network segment with a subnet mask.

    There are various online subnet calculators on the internet, just google for it.

    A common tasks is to block a class C subnet range by giving a base IP address like 94.25.181.0 and a bitmask which tells how many bits of the IP should be treated as fixed.

    E. g. adding 94.25.181.0/24 to the firewall treats the leftmost 24 bits as fixed and thus blocks the address range 94.25.181.0 - 94.25.181.255.

     

     

    0
    Comment actions Permalink
  • Avatar
    Simon Ang

    If we have a very LONG LONG list of IP address that we want to put in Fail2Ban, is a way to upload it in a file form and than individually upload each IP. Please advice.

    0
    Comment actions Permalink
  • Avatar
    Anton Maslov

    Hello Simon,

    I assume command line + scripting will do the trick. Please check this documentation to see how to manage fail2ban with command line.

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request