• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue Cant edit firewall via CLI

Steve Pheriche

Steve Pheriche

New Pleskian
I'm attempting to recover Plesk access after a RAID death, and that broader issue is covered here

This is regarding the Firewall - My supplier is keen to help recover access to Plesk, but I'd previously used the Firewall to block port 22 for most people.

Now I need to add a rule to allow the supplier into 22. I can't access Plesk GUI (as detailed in the other thread) so I'm trying via the CLI .
according to : How to manage Plesk firewall via CLI?

this should work - /usr/local/psa/bin/modules/firewall/settings -e

but the issue with Plesk means I cant actually run the instruction. It returns

Code: 
/usr/local/psa/bin/modules/firewall$ /usr/local/psa/bin/modules/firewall/settings -e
[2018-02-02 13:55:12] ERR [panel] Cannot save cli call statistic DB query failed: SQLSTATE[HY000]: General error: 1467 Failed to read auto-increment value from storage engine, query was: INSERT CliCallsStat (`util`, `command`, `lastExecutionDateTime`) VALUES (:util, :command, now()) ON DUPLICATE KEY UPDATE `count` = `count` + 1, `lastExecutionDateTime` = now()
DB query failed: SQLSTATE[HY000]: General error: 1467 Failed to read auto-increment value from storage engine, query was: replace into module_firewall_objects (`tag`, `object`) values (:tag, :object)

Any ideas on how I can allow an IP to access port 22 . How can I edit the ruleset?
currently I'm stuck with this (/usr/local/psa/bin/modules/firewall/settings)
Code: 
...
apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 22 -s ::ffff:999.999.999.999 -j ACCEPT  
apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 22 -j DROP
apply_rule /sbin/iptables -A INPUT -p tcp --dport 22 -j DROP
 
Steve Pheriche said:
I'm attempting to recover Plesk access after a RAID death, and that broader issue is covered here

This is regarding the Firewall - My supplier is keen to help recover access to Plesk, but I'd previously used the Firewall to block port 22 for most people.

Now I need to add a rule to allow the supplier into 22. I can't access Plesk GUI (as detailed in the other thread) so I'm trying via the CLI .
according to : How to manage Plesk firewall via CLI?

this should work - /usr/local/psa/bin/modules/firewall/settings -e

but the issue with Plesk means I cant actually run the instruction. It returns

Code: 
/usr/local/psa/bin/modules/firewall$ /usr/local/psa/bin/modules/firewall/settings -e
[2018-02-02 13:55:12] ERR [panel] Cannot save cli call statistic DB query failed: SQLSTATE[HY000]: General error: 1467 Failed to read auto-increment value from storage engine, query was: INSERT CliCallsStat (`util`, `command`, `lastExecutionDateTime`) VALUES (:util, :command, now()) ON DUPLICATE KEY UPDATE `count` = `count` + 1, `lastExecutionDateTime` = now()
DB query failed: SQLSTATE[HY000]: General error: 1467 Failed to read auto-increment value from storage engine, query was: replace into module_firewall_objects (`tag`, `object`) values (:tag, :object)

Any ideas on how I can allow an IP to access port 22 . How can I edit the ruleset?
currently I'm stuck with this (/usr/local/psa/bin/modules/firewall/settings)
Code: 
...
apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 22 -s ::ffff:999.999.999.999 -j ACCEPT 
apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 22 -j DROP
apply_rule /sbin/iptables -A INPUT -p tcp --dport 22 -j DROP
Click to expand...

Hello,

another way to proceed can be to remove the firewall extension using the plesk installer CLI.
 
Thanks.
I've actually gone for the simplest option - I noticed that the changedate on
/usr/local/psa/var/modules/firewall/firewall-active
was about 18 months ago. So that means despite the dire warning
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,

I could edit it manually to gain access to port 22, as long as I understand it will be overwritten when I finally get back into Plesk GUI and edit the firewall.

Unfortunately my host suppliers are not responding to my requests for updates. They asked for access to port 22, and are now radio silent. This server has been down nearly a week. Time to migrate!
 
You must log in or register to reply here.

Similar threads

S
Issue Cant activate the plesk firewall
Replies
5
Views
819
martinez.marcias@gmai
M
Liwindo
Input New Firewall App 18.0.52
Replies
4
Views
1K
Liwindo
Liwindo
C
Resolved Mariadb not working - DB query failed: SQLSTATE[HY000] [2002] No such file or directory
Replies
7
Views
2K
Crash79797
C
Mark12345
Question Blocking IP Ranges using Plesk Firewall or NGINX Deny
Replies
4
Views
3K
jose.alvarez
jose.alvarez
T
Issue Can't Update Plesk Firewall
Replies
2
Views
2K
brother4
brother4
Back
Top