English (US) 日本語
Submit a request

Technical question Licensing question
Sign in

Plesk is showing error 502 after enabling SQL debug: PHP Fatal error: Couldn't execute method Zend_Log::__destruct in Unknown on line 0
Random pages in Plesk can not be opened with: 500 ApiFetchError
ASP.NET or other components installed not via Plesk are not detected at Server Components menu
Unable to Edit SPF TXT Record: Variable "$input" got invalid value
Plesk can not be updated or is not accessible: Class Laminas\ServiceManager\ServiceLocatorInterface cannot implement previously implemented interface
Unable to click the checkbox in the settings screen on Plesk: the Hand pointer cursor does not appear
Tasks in Plesk are never executed and stuck as new: Cannot fetch process properties
Domain log viewer in Plesk interface loads endlessly when Node.js is installed for the domain
Plesk Repair tool fails to fix File System error: bytes-like object is required, not 'str'
Feature “Website Log Check” on Plesk Obsidian 18.0.45 stops working after first log check and leads to subscriptions/domains menus showing blank page or error 500

See more

Fail2Ban iptables rules can be erased sometimes by disabling Plesk Firewall

Taras Ermoshin

Updated May 25, 2022 10:46

Plesk Onyx for Linux kb: bug ABT: Group A

Applicable to:

Plesk Onyx for Linux

Symptoms

When Fail2Ban is enabled and has already banned some IP addresses, its rules in iptables can be removed when Plesk Firewall is disabled.

Cause

Plesk bug PPPM-9399 that is planned to be fixed in future updates.

Resolution

Until the bug is fixed, use the workaround:

Connect to the server using SSH.
Open the file /etc/init.d/psa-firewall for editing and modify it as follows:
- Before:
  
  CONFIG_TEXT: if "$emergency"; then
  echo "$SERVICE_NAME: firewall successfully disabled"
  exit 0
  else
  echo "$SERVICE_NAME: failed to disable firewall"
  exit 1
  fi
- After:
  
  CONFIG_TEXT: if "$emergency"; then
  echo "$SERVICE_NAME: firewall successfully disabled"
  
  if [ "active" == `/bin/systemctl is-active fail2ban.service` ] ; then
  echo "$SERVICE_NAME: fail2ban will restart now."
  systemctl restart fail2ban.service &
  else
  echo "$SERVICE_NAME: fail2ban is not active and will not be restarted."
  fi
  exit 0
  
  else
  echo "$SERVICE_NAME: failed to disable firewall"
  exit 1
  fi

Note: After this modification, Fail2Ban service will be restarted on Plesk firewall disable action.

Comments

3 comments

Julian Aubertin March 14, 2019 09:11

In my Opinion, the psa-firewall script needs to restart fail2ban when called, but only when fail2ban is active. This can be done by editing the /etcinit.d/psa-firewall skript like:

after emergency=....

insert:

fail2ban_restart () {
if [ "active" == `/bin/systemctl is-active fail2ban.service` ] ; then
echo "$SERVICE_NAME: fail2ban will restart now."
systemctl restart fail2ban.service &
else
echo "$SERVICE_NAME: fail2ban is not active and will not be restarted."
fi
}

fail2ban_restart checks if fail2ban is active and restarts ist when detected. You then need to call the function in the start, stop and restart section after the echo statements.

In Ubuntu 16 fail2ban stores the bans in a DB so no ban will be lost. I assume it does also in other systems.

0

Comment actions Permalink
Pavel Rozental March 19, 2019 03:25

Hello Julian,

Thank you for provided information.

I have passed it to our developers. They will consider this solution.

0

Comment actions Permalink
Ehud Ziegelman May 25, 2022 10:46

Hi Taras Ermoshin and Pavel Rozental,

I do not currently have such file as mentioned above in the walk-around solution for the known bug PPPM-9399 :

/etc/init.d/psa-firewall

May I ask, of this issue was resolved in an other way?

Can you please advise?

0

Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request