• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question Adding IPs in bulk to a custom firewall rule

QWeb Ric

Basic Pleskian
We often get bombarded with malicious traffic from bad bots or infected sites hosted on particular networks, so when I find myself blocking the same IP ranges across multiple websites, or various IPs from the same network, I generally end up looking up the entire list of IP ranges belonging to that network and then creating a custom firewall rule to block the whole lot out.

This works well, but when a network contains hundreds of CIDR's it's ridiculously tedious to enter each individual address into the sources list! Is there any way to add these ranges in bulk? If not through Plesk itself, then via its database perhaps?
 
Still hoping for a better answer, but I've figured out a workaround for now. In case anybody else stumbles onto this:

Say you want to block a whole network comprised of a long list of CIDR's, like ASN Information for ASN 14061 - WhatIsMyIP.com ®

- Copy + paste each countries list into a text editor. I used Notepad++.
- Find + replace the tabs with line breaks.
- Copy + paste the result into Sort My List - Alphabetize, Remove Line Breaks, Add Labels, Prune Text and hit the alphabetical sort button, (numerical doesn't quite work properly with CIDR's it seems). I'm not sure if this step is necessary, but when adding one-by-one Plesk maintains alphabetical sorting so better safe than sorry...
- Copy the result to your clipboard.
- Open a spreadsheet software, I used LibreOffice Calc, and past the clipboard into columns B, D, and F.
- Paste <option value=" into column A.
- Paste " title=" into column C.
- Paste "> into column E.
- Paste </option> into column G.
- Select all and copy + paste back into a text editor. Again I used Notepad++.
- Find + replace all tabs or commas, (depending on the spreadsheet software), with an empty string.
- Copy the result to your clipboard.
- Open Plesk in Chrome, click through to create a new custom rule, give it a name as usual and set to "deny"
- Right-click the IP's list and Inspect element.
- Right-click the <select id="p[from][select]"... element and click to Edit as HTML.
- Paste the clipboard content in place of any existing <option>...</option> elements, then click outside of the edit box to apply.
- Save the new rule as normal.

In a nutshell, editing the page DOM seems to work. Note though that Plesk seems to do some format checking etc when using the actual Add button so this approach skips over that and might therefore be a tad dangerous. I.e. if you mess up what's being pasted in, Plesk might push badly formatted crud to the firewall.
 
/usr/local/psa/bin/modules/firewall/settings -s -name 'Block NAME A' -direction input -action deny -ports '' -remote-addresses "LIST"


/usr/local/psa/bin/modules/firewall/settings -s -name 'Block NAME B' -direction input -action deny -ports '' -remote-addresses "LIST"


/usr/local/psa/bin/modules/firewall/settings -s -name 'Block NAME C' -direction input -action deny -ports '' -remote-addresses "185.100.0.0/16, 200.17.5.18"




and then apply and confirm only once at the end:
On first SSH:
/usr/local/psa/bin/modules/firewall/settings -a
On second SSH:
/usr/local/psa/bin/modules/firewall/settings -c




As per the root cause of rules application issue: the files I removed are created by rules activation script and should be removed at the end of the script
Other firewall rules activation process could be executed and stuck when you launched another one.
To avoid such issue, check if there any running firewall processes:

# ps aux | grep [f]irewall-new.sh

If there are not any, feel free to apply the rules.


Get list of CIDR IPs of a specific ASN network
whois -h whois.radb.net -- '-i origin AS207459' | grep ^route
Or use the URL:


# Remove a rule
/usr/local/psa/bin/modules/firewall/settings --remove-rules "Rule Name"
 
Thanks @Ehud that's exactly what I was hoping for.

Is there a limit to the number of IPs you can add in one go with the comma separators? And what do those initial LIST lines do?
 
Thanks @Ehud that's exactly what I was hoping for.

Is there a limit to the number of IPs you can add in one go with the comma separators? And what do those initial LIST lines do?
No limit, however you should use a strong server.

Each rule should have about up to 200 records, that may be CIDR ranges themselves.

Try not to place more than a few x.x.x.x/16 ranges on each rule.

In total I have about 8-10 Million IPs blockes.

I block all CIDR ranges for ISP of VPS used by hackers to attack our instance as seen in log files, and where legitimate use does not come from.

This can be found by IP check as on:

Which shows the ASN, to be placed into:

And then copy to Excel, and create a comma seperated CIDR IP list. I split long lists and remove duplications (seacrh for the x.x.x.x/16 and see no duplications follow).

Excel structure:

First line:
First column is IPs
Second is ,
Third is =CONCATENATE(A1,B1)

Second line:
First column is IPs
Second is ,
Third is =CONCATENATE(A2,B2)
Fourth is =CONCATENATE(C1,C2) <-- this combines the new data with the list of data from previous lines
Drag the code downwards

Once pasting a list after it was cleaned from duplication
Copy special as values in Excel, and then into the *.txt files of the rules to be paced into SSH CLI

Paste about 2-3 rules each time.
Then activate on that first SSH console
Confirm on the second SSH console within 60 seconds

The update of the FireWall get to take 90-120 minutes, with some down town. It comes back on it own.

On Plesk there is some gracefull configuration which allows Plesk almost to be available almost all of the time.

Open the SSH panels before you start. Track the CLI below to see if the process completed:
# ps aux | grep [f]irewall-new.sh

Be careful first to white list (mostly) AWS IPs used by API of your services, and to make sure you don't block those IPs!
 
found this solution a bit complicated...
need for me to add in bulk whitelist bunny cdn ips
 
Hell I think i found a solution
i try and seems work so please can confirm me ? someone more experted than me!!!
I created a rule for cdn ip list with 2 enters on firewall... then exported via json the firewall rules and named file (original to have as backup)...then using a text editor like Notepad++ founded where the addresses are and simply put one by one comma separated... then imported again the modified file (json) and seems all rules are a their position loaded correctly
Possible so simple????
 
Back
Top