• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue Almalinux 9 and Firewall

O

OverWolf

Regular Pleskian
Server operating system version
Almalinux 9
Plesk version and microupdate number
18.0.52
Hi,

I've tested that any change that I do with Firewall with Plesk interface, it isn't working. If I want to apply it I must connect to server (ssh) and use command firewall-cmd --add-port=xxxx.

Why ?
 
I've seen that Plesk have its interface :

Code: 
plesk (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens3
  sources:
  services:
  ports: 22/tcp 21/tcp 25/tcp 53/tcp 53/udp 80/tcp 110/tcp 143/tcp 443/tcp 465/tcp 587/tcp 993/tcp 995/tcp 8443/tcp 8447/tcp 8880/tcp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

is this the problem ?
 
Hi Peter,

on Almalinux there is firewalld 1.2.1 (only firewalld) and then I've installed Plesk. So, I think that Plesk Firewall can work as expect, but no, it seems that Plesk is working on its zone, while firewalld is working on zone=public (that zone that it's the default for incoming traffic)
 
So far I've not seen similar reports. Would it be possible that you open a ticket with Plesk support so that an engineer can examine this behavior on your server?
 
Hi,

how can I remove ftp passive mode rules and set my rules?

I've seen that in firewall zone plesk, there are this ports open 49152-65535/tcp and I think that there are for fpt, but I want to modify this range.

How can I do ?

P.S.:
I've tried to remove this range from firewall-cmd command but this ports remain open.
 

Attachments

  • PleskFW.jpg
    PleskFW.jpg
    62.4 KB · Views: 9
Do not close these ports. It will only prohibit FTP to work and will also have an effect on other services who need random ports for data transfers. It also makes no sense to only close part of these ports, because then software will just use the remaining, narrowing the number of available ports if several services and users concurrently want to transfer data from and to the servers.
 
You must log in or register to reply here.

Similar threads

J
Resolved RootLogin in SSH other than port22
Replies
7
Views
721
JuanCar
J
J
Question Plesk Firewall is blocking requests even with configured rules
Replies
2
Views
349
Johnny9977
J
A
Resolved Plesk Firewall and Samba
2
Replies
22
Views
840
Raul A.
R
D
Issue Plesk Firewall does not add changes to zone (CloudLinux)
Replies
4
Views
428
Kaspar@Plesk
Kaspar@Plesk
C
Question Strategic questions
Replies
9
Views
1K
mow
M
Back
Top