Fail2Ban iptables rules can be erased sometimes by disabling Plesk Firewall




  • Ehud Ziegelman

    Hi Taras Ermoshin and Pavel Rozental,


    I do not currently have such a file as mentioned above in the workaround solution for the known bug PPPM-9399:



    May I ask if this issue was resolved in another way?

    Can you please advise?

  • Julian Aubertin

    In my opinion, the psa-firewall script needs to restart fail2ban when called, but only when fail2ban is active. This can be done by editing the /etc/init.d/psa-firewall script like:

    after emergency=....


    fail2ban_restart () {
        # Restart fail2ban only when it is currently active
        if [ "active" = "$(/bin/systemctl is-active fail2ban.service)" ] ; then
            echo "$SERVICE_NAME: fail2ban will restart now."
            systemctl restart fail2ban.service &
        else
            echo "$SERVICE_NAME: fail2ban is not active and will not be restarted."
        fi
    }

    fail2ban_restart checks if fail2ban is active and restarts it when detected. You then need to call the function in the start, stop and restart sections after the echo statements.

    In Ubuntu 16 fail2ban stores the bans in a DB so no ban will be lost. I assume it does also in other systems.

  • Pavel Rozental

    Hello Julian,

    Thank you for the provided information.

    I have passed it to our developers. They will consider this solution.

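Added example, not part of the original thread and not Plesk's or fail2ban's own code: a check for the condition in the title, listing bans that fail2ban still tracks but that no longer have an iptables rule. It assumes fail2ban's iptables actions use chains named f2b-<jail> and that `iptables -S` prints IPv4 bans as `-A f2b-<jail> -s <ip>/32 ...`; the function names, jail name and addresses are constructed for illustration.

```shell
#!/bin/sh
# Assumptions (not from the thread): fail2ban's iptables actions use chains
# named f2b-<jail>, and `iptables -S` prints IPv4 bans as
# "-A f2b-<jail> -s <ip>/32 ...". Jail name and addresses are constructed.

# unenforced_bans JAIL "BANNED_IPS" "RULES"
# Prints every IP fail2ban lists as banned that has no rule in the jail's chain.
unenforced_bans() {
    jail=$1; banned=$2; rules=$3
    for ip in $banned; do
        # -F: fixed-string match; the trailing space keeps the /32 match exact
        if ! printf '%s\n' "$rules" | grep -qF -e "-A f2b-$jail -s $ip/32 "; then
            printf '%s\n' "$ip"
        fi
    done
}

# check_jail JAIL: live variant, needs root and a running fail2ban.
check_jail() {
    live=$(fail2ban-client status "$1" |
        sed -n 's/.*Banned IP list:[[:space:]]*//p')
    unenforced_bans "$1" "$live" "$(iptables -S)"
}

# Constructed sample data: two bans, with rules before and after a flush.
SAMPLE_BANNED="203.0.113.7 198.51.100.23"
SAMPLE_RULES_OK='-P INPUT ACCEPT
-N f2b-sshd
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A f2b-sshd -s 203.0.113.7/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -s 198.51.100.23/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -j RETURN'
SAMPLE_RULES_FLUSHED='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'

echo "intact rules:  $(unenforced_bans sshd "$SAMPLE_BANNED" "$SAMPLE_RULES_OK" | wc -l) ban(s) unenforced"
echo "flushed rules: $(unenforced_bans sshd "$SAMPLE_BANNED" "$SAMPLE_RULES_FLUSHED" | wc -l) ban(s) unenforced"
```

Running `check_jail <jail>` as root after the firewall has been toggled prints nothing when every tracked ban still has a rule; any address it prints is a ban that is recorded but not enforced until fail2ban is restarted.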
