Issue Cant activate the plesk firewall

[stefan.knaak]

Server operating system version

os_Ubuntu 20.04

Plesk version and microupdate number

Plesk Obsidian v18.0.61_build1800240528.05

Hello

I'm trying the whole day to activate the firewall, but I always get a
NetworkError when attempting to fetch resource.

via GUI



and


If I use

plesk ext firewall --enable

Two of my terminals got kicked out. But I could manually set these command to get back in the server
iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 8443 -j ACCEPT

So the firewall is doing its thing, but the plesk gui dont work.

What I tried so far:
- Plesk Firewall can not be enabled in Plesk 18.0.52 and newer: I did not receive connectivity confirmation after applying new firewall configuration - Support Cases from Plesk Knowledge Base



I also did this

panel.ini file with this instructions:
[ext-firewall]
confirmTimeout = 15 ; the timeout in seconds before the configuration is rolled back
confirmTimeoutCli = 60 ; the timeout in seconds for the --confirm CLI command

and

1. Connect to the server via SSH.
2. Edit the file /usr/local/psa/admin/sbin/modules/firewall/rules and set DEFAULT_CONFIRM_INTERVAL to 30:
   # grep DEFAULT_CONFIRM_INTERVAL /usr/local/psa/admin/sbin/modules/firewall/rules
   DEFAULT_CONFIRM_INTERVAL = 30

plesk repair all

I can't find anything in the logfiles, what the network error could be.

iptables:


network list


What I think is really strange is, that under the Tools & Resources\ip-address the docker bridges don't show up anymore if I start docker.
The Server was moved a year ago from one hoster with openstack to a new hoster with vmware (I think).

One more thing, the updater got stuck today.
I killed the process and run plesk repair installer. Since then, the GUI is showing

Plesk Obsidian v18.0.61_build1800240528.05 os_Ubuntu 20.04
but on the console it shows 18.0.61.4




Any Ideas?

 

[Kaspar@Plesk]

It's hard to say for sure, but the symptoms you're experiencing when enabling the firewall look like "something" is blocking the connecting. Hence the first error in GUI and the fact you're being disconnected form your terminals.

Are you perhaps already running another Firewall utility? Like firewalld?

 

[stefan.knaak]

Hello and thanks for the response.
No firewalld is not running. Can ufw make problems?



Find attached a full services list.
What could be helpful, if I could see the reason why the GUI shows this network error. But I can't find anything in the normal log files.
Is there any way to debug this?

 

[Kaspar@Plesk]

UFW should not conflict with the Plesk Firewall. I recommend contacting Plesk support for help on the issue, as I have unfortunately not suggestions left.
To sign-in to support please go to https://support.plesk.com

If you bought your license from a reseller, your reseller should provide support for you. If the reseller does not provide support, here is an alternative:
https://support.plesk.com/hc/en-us/articles/12388090147095-How-to-get-support-directly-from-Plesk

 

[Nelly]

I am also having the same problem on my vps, very strange slow down today and unable to update some websites, firewall is turned off fo some reason also.
certainly feels like a firewall issue on the vps. Can anyone help with this, license bought through Fasthosts UK
Plesk Obsidian
Version 18.0.61 Update #4, last updated on May 30, 2024 01:19 AM

 

[martinez.marcias@gmai]

I am not sure this is the correct place to ask. Sorry if it is not. I have been trying to figure out how to setup the correct action in fail2ban to drop an ip on all ports. Currently:

action = iptables-multiport[chain="INPUT", name="default", port="ssh", protocol="tcp", action="DROP", returntype="RETURN", lockingopt="-w"]

But I still see the IP showing up as REJECT. I need it to DROP it in iptables. Anyone know how I can get this setup correctly?

Thanks in advance,