• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue Cant edit firewall via CLI

Steve Pheriche

New Pleskian
I'm attempting to recover Plesk access after a RAID death, and that broader issue is covered here

This is regarding the Firewall - My supplier is keen to help recover access to Plesk, but I'd previously used the Firewall to block port 22 for most people.

Now I need to add a rule to allow the supplier into 22. I can't access Plesk GUI (as detailed in the other thread) so I'm trying via the CLI .
according to : How to manage Plesk firewall via CLI?

this should work - /usr/local/psa/bin/modules/firewall/settings -e

but the issue with Plesk means I cant actually run the instruction. It returns

Code:
/usr/local/psa/bin/modules/firewall$ /usr/local/psa/bin/modules/firewall/settings -e
[2018-02-02 13:55:12] ERR [panel] Cannot save cli call statistic DB query failed: SQLSTATE[HY000]: General error: 1467 Failed to read auto-increment value from storage engine, query was: INSERT CliCallsStat (`util`, `command`, `lastExecutionDateTime`) VALUES (:util, :command, now()) ON DUPLICATE KEY UPDATE `count` = `count` + 1, `lastExecutionDateTime` = now()
DB query failed: SQLSTATE[HY000]: General error: 1467 Failed to read auto-increment value from storage engine, query was: replace into module_firewall_objects (`tag`, `object`) values (:tag, :object)

Any ideas on how I can allow an IP to access port 22 . How can I edit the ruleset?
currently I'm stuck with this (/usr/local/psa/bin/modules/firewall/settings)
Code:
...
apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 22 -s ::ffff:999.999.999.999 -j ACCEPT  
apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 22 -j DROP
apply_rule /sbin/iptables -A INPUT -p tcp --dport 22 -j DROP
 
I'm attempting to recover Plesk access after a RAID death, and that broader issue is covered here

This is regarding the Firewall - My supplier is keen to help recover access to Plesk, but I'd previously used the Firewall to block port 22 for most people.

Now I need to add a rule to allow the supplier into 22. I can't access Plesk GUI (as detailed in the other thread) so I'm trying via the CLI .
according to : How to manage Plesk firewall via CLI?

this should work - /usr/local/psa/bin/modules/firewall/settings -e

but the issue with Plesk means I cant actually run the instruction. It returns

Code:
/usr/local/psa/bin/modules/firewall$ /usr/local/psa/bin/modules/firewall/settings -e
[2018-02-02 13:55:12] ERR [panel] Cannot save cli call statistic DB query failed: SQLSTATE[HY000]: General error: 1467 Failed to read auto-increment value from storage engine, query was: INSERT CliCallsStat (`util`, `command`, `lastExecutionDateTime`) VALUES (:util, :command, now()) ON DUPLICATE KEY UPDATE `count` = `count` + 1, `lastExecutionDateTime` = now()
DB query failed: SQLSTATE[HY000]: General error: 1467 Failed to read auto-increment value from storage engine, query was: replace into module_firewall_objects (`tag`, `object`) values (:tag, :object)

Any ideas on how I can allow an IP to access port 22 . How can I edit the ruleset?
currently I'm stuck with this (/usr/local/psa/bin/modules/firewall/settings)
Code:
...
apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 22 -s ::ffff:999.999.999.999 -j ACCEPT 
apply_rule /sbin/ip6tables -A INPUT -p tcp --dport 22 -j DROP
apply_rule /sbin/iptables -A INPUT -p tcp --dport 22 -j DROP

Hello,

another way to proceed can be to remove the firewall extension using the plesk installer CLI.
 
Thanks.
I've actually gone for the simplest option - I noticed that the changedate on
/usr/local/psa/var/modules/firewall/firewall-active
was about 18 months ago. So that means despite the dire warning
#DO NOT MODIFY THIS FILE BECAUSE IT WAS GENERATED AUTOMATICALLY,

I could edit it manually to gain access to port 22, as long as I understand it will be overwritten when I finally get back into Plesk GUI and edit the firewall.

Unfortunately my host suppliers are not responding to my requests for updates. They asked for access to port 22, and are now radio silent. This server has been down nearly a week. Time to migrate!
 
Back
Top