
Issue Failed to apply the firewall configuration - [ext-firewall] set to 40 seconds

Trying to apply changes to configuration totally halts the server to the extent that I have to ask for a hard reset to my host provider.
Changes are quite easy. Simply adding some countries to the banning list following Plesk documentation. Nothing fancy.
The first time I tried to update the rules, I checked them one by one against the "original" (no country added yet, simple vanilla rules). They were exactly the same and even then they totally blocked the server.
NOW... I have some 15K deny rules on one of the nginx configurations... could it be it? Do you know if nginx deny rules are applied through inserting them into iptables? I could erase those rules if that is the case, as those rules are simply specific filters for IPs of the same countries that now I wanna ban through Firewall.
Curiously enough.... when I edit and apply the nginx rules through plesk interface, it does not take long...

UPDATE: As a clue...

iptables -L -n
Another app is currently holding the xtables lock; still -9s 0us time ahead to have a chance to grab the lock...
Another app is currently holding the xtables lock; still -19s 0us time ahead to have a chance to grab the lock...
Another app is currently holding the xtables lock; still -29s 0us time ahead to have a chance to grab the lock...
Another app is currently holding the xtables lock; still -39s 0us time ahead to have a chance to grab the lock...
Another app is currently holding the xtables lock; still -49s 0us time ahead to have a chance to grab the lock...

...and then it starts showing results...
Chain INPUT (policy DROP)
...
 
Also discussed in separate thread Issue - NGinx deny rules and Firewall (iptables?)

NOW... I have some 15K deny rules on one of the nginx configurations... could it be it?
Yes, absolutely. Way too many.

Do you know if nginx deny rules are applied through inserting them into iptables?
No, these are placed in a webserver configuration file. It will cause Nginx to take "forever" to restart.

This does not mean that besides that issue other issues exist regarding iptables on your server.

Please also make sure that firewalld is disabled or removed from your system. Running both, Plesk firewall AND firewalld, can create a deadlock situation as described by you.
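
An added example, not part of the posts above and not Plesk tooling: a small Python audit for the oversized nginx deny list discussed in this thread. It counts the `deny` entries in a config text and shows how many remain once duplicate, overlapping and adjacent ranges are merged. The sample config and all function names are constructed for illustration.

```python
import ipaddress
import re

# Matches nginx access-module lines such as "deny 192.0.2.1;" (commented lines are ignored).
DENY_RE = re.compile(r"^\s*deny\s+([^;\s]+)\s*;", re.MULTILINE)


def parse_deny_networks(conf_text):
    """Return (networks, skipped) for every 'deny' directive in conf_text."""
    networks, skipped = [], []
    for value in DENY_RE.findall(conf_text):
        try:
            # strict=False accepts entries with host bits set, e.g. 10.0.0.5/24
            networks.append(ipaddress.ip_network(value, strict=False))
        except ValueError:
            skipped.append(value)  # "all", "unix:", or a typo
    return networks, skipped


def collapse(networks):
    """Merge duplicate, overlapping and adjacent ranges, per address family."""
    v4 = [n for n in networks if n.version == 4]
    v6 = [n for n in networks if n.version == 6]
    return list(ipaddress.collapse_addresses(v4)) + list(ipaddress.collapse_addresses(v6))


def summarize(conf_text):
    """Count deny entries before and after merging."""
    networks, skipped = parse_deny_networks(conf_text)
    merged = collapse(networks)
    return {"before": len(networks), "after": len(merged),
            "merged": [str(n) for n in merged], "skipped": skipped}


# Constructed sample, not taken from the thread.
SAMPLE_CONF = """
deny 198.51.100.0/25;
deny 198.51.100.128/25;
deny 198.51.100.7;
deny 203.0.113.4;
deny 203.0.113.5;
deny 203.0.113.4;
deny 2001:db8::/33;
deny 2001:db8:8000::/33;
deny all;
"""

if __name__ == "__main__":
    result = summarize(SAMPLE_CONF)
    print(f"{result['before']} deny entries -> {result['after']} after merging")
    for net in result["merged"]:
        print(f"deny {net};")
```

nginx evaluates `allow` and `deny` rules in order until the first match, so merging like this is only safe for a block that contains deny entries alone, with no `allow` lines interleaved.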
 