
Issue Failed to apply the firewall configuration - [ext-firewall] set to 40 seconds

Trying to apply changes to configuration totally halts the server to the extent that I have to ask my host provider for a hard reset.
Changes are quite easy. Simply adding some countries to the banning list following Plesk documentation. Nothing fancy.
The first time I tried to update the rules, I checked them one by one against the "original" (no country added yet, simple vanilla rules). They were exactly the same and even then they totally blocked the server.
NOW... I have some 15K deny rules on one of the nginx configurations... could it be it? Do you know if nginx deny rules are applied through inserting them into iptables? I could erase those rules if that is the case, as those rules are simply specific filters for IPs of the same countries that now I wanna ban through Firewall.
Curiously enough.... when I edit and apply the nginx rules through plesk interface, it does not take long...

UPDATE: As a clue...

iptables -L -n
Another app is currently holding the xtables lock; still -9s 0us time ahead to have a chance to grab the lock...
Another app is currently holding the xtables lock; still -19s 0us time ahead to have a chance to grab the lock...
Another app is currently holding the xtables lock; still -29s 0us time ahead to have a chance to grab the lock...
Another app is currently holding the xtables lock; still -39s 0us time ahead to have a chance to grab the lock...
Another app is currently holding the xtables lock; still -49s 0us time ahead to have a chance to grab the lock...

...and then it starts showing results...
Chain INPUT (policy DROP)
...
 
Also discussed in separate thread Issue - NGinx deny rules and Firewall (iptables?)

NOW... I have some 15K deny rules on one of the nginx configurations... could it be it?
Yes, absolutely. Way too many.

Do you know if nginx deny rules are applied through inserting them into iptables?
No, these are placed in a webserver configuration file. It will cause Nginx to take "forever" to restart.

This does not mean that besides that issue other issues exist regarding iptables on your server.

Please also make sure that firewalld is disabled or removed from your system. Running both, Plesk firewall AND firewalld, can create a deadlock situation as described by you.
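
Added example, not part of either post: a small shell check for the three things this thread points at, namely the number of nginx deny directives, the xtables lock wait seen in `iptables -L -n` output, and whether firewalld is running next to the Plesk firewall. The sample files are constructed, and `/run/xtables.lock` is assumed to be the lock path (the usual default).

```shell
#!/bin/sh
# Added diagnostic example; sample data is constructed, not from the poster's server.

# Count "deny <address>;" directives in one nginx configuration file.
count_deny_rules() {
    grep -cE '^[[:space:]]*deny[[:space:]]+[^;]+;' "$1" || true
}

# Longest xtables-lock wait (seconds) found in saved `iptables -L -n` output.
max_lock_wait() {
    sed -n 's/.*xtables lock; still -\{0,1\}\([0-9][0-9]*\)s .*/\1/p' "$1" |
        sort -n | tail -n 1
}

# firewalld state as systemd reports it ("active", "inactive", ...).
firewalld_state() {
    if command -v systemctl >/dev/null 2>&1; then
        systemctl is-active firewalld 2>/dev/null || true
    else
        echo "unknown"
    fi
}

# Processes holding the lock file open (path is an assumption, see lead-in).
lock_holders() {
    if command -v fuser >/dev/null 2>&1 && [ -e /run/xtables.lock ]; then
        fuser -v /run/xtables.lock 2>&1 || true
    fi
}

# Constructed samples so the script runs offline.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/deny.conf" <<'EOF'
# constructed nginx include
deny 192.0.2.10;
deny 198.51.100.0/24;
  deny 203.0.113.7;
allow all;
EOF
cat > "$tmp/iptables.out" <<'EOF'
Another app is currently holding the xtables lock; still -9s 0us time ahead to have a chance to grab the lock...
Another app is currently holding the xtables lock; still -49s 0us time ahead to have a chance to grab the lock...
Chain INPUT (policy DROP)
EOF

echo "deny directives: $(count_deny_rules "$tmp/deny.conf")"
echo "longest lock wait: $(max_lock_wait "$tmp/iptables.out")s"
echo "firewalld: $(firewalld_state)"
lock_holders
```

On a real server, point `count_deny_rules` at the nginx file that carries the deny list and run the script as root so `fuser` can see other users' processes.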