Applicable to:
- Plesk for Linux
- Plesk for Windows
Question
How to block an IP address in Plesk Firewall?
Answer
For Plesk for Linux:
- Go to Plesk > Tools & Settings > Firewall.
  Note: If Firewall is not present, it is not installed. Install it using this article.
- Click Modify Plesk Firewall Rules.
  Note: If only Enable Firewall Rules Management is shown, click it to enable the firewall first, then follow the on-screen instructions.
- Press Add Custom Rule.
- Fill in the Name of the rule field, set Match direction according to the requirements, and choose Deny in the Action field.
- Set the port or port range, select the TCP or UDP protocol as needed, and press Add. The added ports will appear in the table on the left side.
  Note: If no ports are specified, the rule applies to any port, but only for the specified protocol.
- Enter the required IP address in the Add IP address or network field and press Add. The added IP addresses will appear in the table on the left side.
- Press OK.
- Click Apply Changes.

For Plesk for Windows:
- Go to Plesk > Tools & Settings > Firewall.
  Note: If the green Switch On button is shown, click it to enable the firewall first.
- Click Firewall Rules.
- Press Add Firewall Rule.
- Make sure the Switch on the rule checkbox is selected. Fill in The rule name field and set Profile according to the profile of the network interface (select all of them if you are not sure which profile is in use).
- Choose Deny in the Action field, set the port or port range, and select the TCP or UDP protocol as needed.
- Enter the required IP address in the Add IP address or network field and press Add. The added IP addresses will appear in the table on the left side.
- Press OK.
Additional information:
Here are several examples:

Example 1:
- Match Direction: Incoming
- Action: Deny
- Ports: TCP 80, UDP 80, TCP 443, UDP 443
- Sources: 203.0.113.2

Example 2:
- Match Direction: Incoming
- Action: Deny
- Ports: TCP 25, UDP 25, TCP 465, UDP 465
- Sources: 203.0.113.2
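
An added example, not part of the original article or of Plesk: on a Linux server whose applied rules can be listed with `iptables -S`, this Python check reports which ports a deny rule for a given source still leaves open, including the case from the note above where a rule without ports covers every port of its protocol. The rule text is a constructed sample and `uncovered_ports` is a hypothetical helper; it only considers rules that name a source and does not model rule order or earlier ACCEPT rules.

```python
import ipaddress
import shlex

# Constructed sample in `iptables -S` format (not output from a real server).
SAMPLE_RULES = """\
-P INPUT DROP
-A INPUT -s 203.0.113.2/32 -p tcp -m tcp --dport 25 -j DROP
-A INPUT -s 203.0.113.2/32 -p tcp -m tcp --dport 465 -j DROP
-A INPUT -s 203.0.113.2/32 -p udp -m udp --dport 25 -j DROP
-A INPUT -s 198.51.100.0/24 -p tcp -m multiport --dports 80,443,8000:8100 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 192.0.2.7/32 -p tcp -j DROP
"""

def _ports(spec):
    """Expand '25', '80,443' or '8000:8100' into (low, high) ranges."""
    ranges = []
    for part in spec.split(","):
        low, _, high = part.partition(":")
        ranges.append((int(low), int(high or low)))
    return ranges

def uncovered_ports(rules_text, source_ip, wanted_ports, proto="tcp"):
    """Return the wanted ports that no DROP/REJECT rule blocks for source_ip."""
    ip = ipaddress.ip_address(source_ip)
    missing = set(wanted_ports)
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        # Skip policies, blank lines and negated matches ("! -s ...").
        if not tok or tok[0] != "-A" or "!" in tok:
            continue
        opt = {}
        for i, t in enumerate(tok[:-1]):
            if t in ("-s", "-p", "-j", "--dport", "--dports"):
                opt[t] = tok[i + 1]
        if opt.get("-j") not in ("DROP", "REJECT"):
            continue
        # Only rules that explicitly name a source containing this address.
        if "-s" not in opt or ip not in ipaddress.ip_network(opt["-s"], strict=False):
            continue
        if opt.get("-p", "all") not in (proto, "all"):
            continue
        spec = opt.get("--dport") or opt.get("--dports")
        # A rule without ports applies to every port of that protocol.
        ranges = _ports(spec) if spec else [(0, 65535)]
        missing -= {p for p in missing if any(lo <= p <= hi for lo, hi in ranges)}
    return sorted(missing)
```

To check a live server, pass the text printed by `iptables -S` (run as root) instead of `SAMPLE_RULES`; an empty result means every listed port is matched by a deny rule for that source.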
Comments
2 comments
I have blocked some IPs according to the given recipe but they still show up in mail.log on my Ubuntu 16LTS server.
iptables -L -n | grep DROP shows the banned IP but in mail.log I still see lines like this:
Oct 7 08:29:10 h2731456 postfix/smtpd[15954]: connect from unknown[89.248.162.145]
Oct 7 08:29:10 h2731456 plesk_saslauthd[15957]: failed mail authentication attempt for user 'support@stratoserver.net' (password len=7)
@Peter Kielbasiewicz Hello!
Make sure that all TCP ports used by SMTP - 25, 465, 587 - are added in the Ports section of the rule.
Also, consider using Fail2Ban to protect from brute force attacks (there is already "plesk-postfix" jail in the Fail2Ban shipped with Plesk).