Applicable to:
- Plesk for Linux
- Plesk for Windows
Question
How to block an IP address in Plesk Firewall?
Answer
-
Go to Tools & Settings > Firewall.
Note: If Firewall is not available, install it using the instructions from this KB article.
-
Click Modify Plesk Firewall Rules.
Note: If Plesk Firewall is not enabled, click Enable Firewall Rules Management and follow the on-sceen instructions.
-
Click Add Custom Rule.
-
Fill in the Name of the rule field, set Match direction according to the requirements and choose Deny in the Action field:
-
Set the port or the port range, mark TCP or UDP protocol according to the needs and click Add. Added ports will appear in the table on the left side:
Note: If no ports were specified, the rule will be applied to all ports.
-
Add the required IP address to field Add IP address or network: and click Add. The added IP addresses will appear in the table on the left side:
-
Click OK.
-
Click Apply Changes.
- Log in to Plesk.
-
Go to Tools & Settings > Firewall.
-
Click Firewall Rules.
-
Click Add Firewall Rule.
-
Make sure the checkbox Switch on the rule is active. Fill in the The rule name field, set Profile according to the profile of the network interface (mark all of them if there are no confidence of which profile is in use):
-
Choose Deny in the Action field, set the port or the port range, mark TCP or UDP protocol according to the needs:
-
Add the required IP address to field Add IP address or network: and click Add. The added IP addresses will appear in the table on the left side:
-
Click OK.
Additional Information
Examples
Match Direction: Incoming
Action: Deny
Ports:
- TCP 80
- UDP 80
- TCP 443
- UDP 443
Sources: 203.0.113.2
Match Direction: Incoming
Action: Deny
Ports:
- TCP 25
- UDP 25
- TCP 465
- UDP 465
Sources: 203.0.113.2
Comments
8 comments
I have blocked some IPs according to the given recipe but they still show up in mail.log on my Ubuntu 16LTS server.
iptables -L -n | grep DROP shows the banned IP but in mail.log I still see lines like this:
Oct 7 08:29:10 h2731456 postfix/smtpd[15954]: connect from unknown[89.248.162.145]
Oct 7 08:29:10 h2731456 plesk_saslauthd[15957]: failed mail authentication attempt for user 'support@stratoserver.net' (password len=7)
@Peter Kielbasiewicz Hello!
Make sure that all TCP ports used by SMTP - 25, 465, 587 - are added in the Ports section of the rule.
Also, consider using Fail2Ban to protect from brute force attacks (there is already "plesk-postfix" jail in the Fail2Ban shipped with Plesk).
Here you should also find how to block parts of an IP-Range like 1.2.0.0/16. A ip subnet calculator would be nice ;)
is posible to block ip ranges?
Hello Luis Zubeldia
Please, vote for this functionality to be added in upcoming updates here.
I think you cannot block an IP range with a fromAddress - to Address construct but you can easily block a network segment with a subnet mask.
There are various online subnet calculators on the internet, just google for it.
A common tasks is to block a class C subnet range by giving a base IP address like 94.25.181.0 and a bitmask which tells how many bits of the IP should be treated as fixed.
E. g. adding 94.25.181.0/24 to the firewall treats the leftmost 24 bits as fixed and thus blocks the address range 94.25.181.0 - 94.25.181.255.
If we have a very LONG LONG list of IP address that we want to put in Fail2Ban, is a way to upload it in a file form and than individually upload each IP. Please advice.
Hello Simon,
I assume command line + scripting will do the trick. Please check this documentation to see how to manage fail2ban with command line.
Please sign in to leave a comment.