• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion
  • Inviting everyone to the UX test of a new security feature in the WP Toolkit
    For WordPress site owners, threats posed by hackers are ever-present. Because of this, we are developing a new security feature for the WP Toolkit. If the topic of WordPress website security is relevant to you, we would be grateful if you could share your experience and help us test the usability of this feature. We invite you to join us for a 1-hour online session via Google Meet. Select a convenient meeting time with our friendly UX staff here.

After upgrade to Plesk 10.3 the firewall module is broken

R

RichardZ

Guest
After upgrading from 10.2 to 10.3, the firewall module gives this error upon attempting any change/activation:

Error: Could not activate firewall configuration:

safeact: safeact: /opt/psa/var/modules/firewall/firewall-new.sh failed:
ip6tables v1.4.4: invalid mask `' specified
Try `ip6tables -h' or 'ip6tables --help' for more information.


proc_close() failed: Declaration of Skin::initFromSubmit() should be compatible with that of cObject::initFromSubmit()


This occurs on systems running Ubuntu 10.04.


Any assistance?
 
Same for me..... Plesk 10.3, Ubuntu 10.04 64Bit

this fixed it... (i'm not using IPv6 on this box)

mv /sbin/ip6tables /sbin/ip6tables.org

Cheers Mate, Bruce
 
RichardZ said:
After upgrading from 10.2 to 10.3, the firewall module gives this error upon attempting any change/activation:

Error: Could not activate firewall configuration:

safeact: safeact: /opt/psa/var/modules/firewall/firewall-new.sh failed:
ip6tables v1.4.4: invalid mask `' specified
Try `ip6tables -h' or 'ip6tables --help' for more information.

This occurs on systems running Ubuntu 10.04.
Click to expand...

Same problem here (also Ubuntu 10.04). Havent had time to find a fix. But hopefully it will be fixed a.s.a.p. Problem exists in Plesk 10.4.4 MU#5.
 
GeertL said:
Seems to not have been fixed with the 10.4.4 #6 update - and cant see it planned to be fixed in the #7 update article... :-///
Click to expand...

But at least I had time to inspect the problem now. It seems that the Firewall module writes a **** ip6tables statement on certain network masks.

Ie. I had a deny rule for the mask: 193.105.210.0/24

This will make the module write the follwing in the firewall activation script:

Code: 
/sbin/iptables -A INPUT -p udp -s 193.105.210.0/24 -j DROP
/sbin/ip6tables -A INPUT -p udp -s / -j DROP

The ip6tables line is (of course) invalid and seems to have not been parsed correct by the Firewall module.

If you remove it via Firewall module from the ruleset - a correct script will be written and module will work again. However - the module will not alowed the above mask if you try to enter it in the ruleset again.

So you gotta track all the ip6tables lines that look like above - and find the corrosponding iptables line (in the same block) and remove these from your Firewall module setup.

Im no network expert - but cant seem to understand why the 193.105.210.0/24 mask is invalid?
 
You must log in or register to reply here.

Similar threads

S
Issue Plesk firewall doesn't register iptables rules
Replies
0
Views
2K
SleuvinS
S
M
Issue Problems after Upgrade to Plesk 17.8.11 and Debian 9
Replies
9
Views
4K
mow
M
C
ip6tables error after upgrade to 10.4
Replies
1
Views
3K
IgorG
IgorG
U
Opensuse 11.4 - Error: Could not activate firewall configuration:
Replies
7
Views
2K
IgorG
IgorG
J
[ERROR] Firewall
Replies
1
Views
2K
IgorG
IgorG
Back
Top