• Dear Pleskians! The Plesk Forum will be undergoing scheduled maintenance on Monday, 7th of July, at 9:00 AM UTC. The expected maintenance window is 2 hours.
    Thank you in advance for your patience and understanding on the matter.

Question Disable FTP on single ip address

RedEnzian

New Pleskian
Server operating system version
Almalinux 9.5
Plesk version and microupdate number
18.0.68 Update #1
Hello,

we need to block FTP traffic for one of the dedicated IPs on our server.
I tried to add a firewall rule, but i cant setup a rule using incoming on port 21/tcp for a single destination. (incoming has only a from field not a destination field, destination is always 0.0.0.0). Also tried using the console command, but it ignores the --to setting

Is there a way to disable the FTP Server to listen on port 21 for a specific IP?
ive found the /etc/proftpd.d/50-plesk.conf file but this file is always autogenerated, so changing it does not help.
 
Do I correctly understand you want deny the whole Internet to connect to specific IP-address that is used by ftp server on a Plesk server?
iptables -A INPUT -d 192.0.2.1/32 -p tcp --dport 21 -j DROP ?
 
yes, i tried to iptables command but i could not persist it since plesk-firewall always overwrites it on restart.
iptables-save did not work
 
yes, i tried to iptables command but i could not persist it since plesk-firewall always overwrites it on restart.
iptables-save did not work

As a workaround you could create a script which adds custom rule(s) to iptables. Then in Plesk you can use the Event Manager setup an event which calls your script every time the Plesk firewall rules gets updated. The event in the Event Manager is called "Firewall rules activated". That way your custom iptables rules get re-added automatically every time the Plesk firewall rules get updated.
 
Last edited:
Back
Top