• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved Firewall disabled

Thanks for the update.

I wiped the server in waiting again and reinstalled Ubuntu 22.04 LTS and Plesk from my hoster.

I didn't do anything but the out of the box system and then enabled the firewall.

I still get the same problem.

The firewall extension's version is 2.0.2-352

The server is a virtual machine, of which we run a couple more, with no such problems so far.

Any ideas? Thanks!
 
You may have slow iptables (e.g. due to virtualization). Increasing the confirmation timeout via panel.ini might help.
 
Thanks, but slow iptables doesn't seem to be the reason.

How can I get help? Our hoster Strato (and the Plesk reseller) has given up too.

Thank you.
 
The service was renamed since it is no a component, but an extension. It is now "plesk-firewall", e.g.
systemctl status plesk-firewall
 
I had plesk support help me, as it turns out iptables takes forever to process a single command, sometimes several minutes. So applying any new configuration/turning on the firewall from the GUI was impossible. Increasing the timeout to 600 seconds enabled me to at least apply the configuration from the shell, although obviously the issue still hasn't been resolved. I will ask strato, as they are my hoster, to investigate further.
 
Yeah, so this was the supports answer basically:

At this point, I've configured a large timeout in panel.ini:
[ext-firewall]
confirmTimeout = 660 ; the timeout in seconds before the configuration is rolled back
confirmTimeoutCli = 660 ; the timeout in seconds for the --confirm CLI command

And was able to apply rules via CLI only(as GUI method takes extra time for confirmation) with the following command:
/usr/local/psa/bin/modules/firewall/settings --enable -auto-confirm-this-may-lock-me-out-of-the-server
* Pre-cautions steps were taken in order to avoid locking me out. Normally, you should have a backup plan before doing this.

At this point, you can edit the rules in Plesk GUI(Tools & Settings > Firewall) and then apply them using the aforementioned command instead of Plesk interface.
I strongly advise resolving the issue with iptables timing before making further changes.
 
If you use CLI to edit rules, you'll also need to open two different SSH sessions. One to set the rules and one to confirm them.
 
Hi everybody. I can confirm that increasing the timeout both to 120 seconds inside the panel.ini solved the issue for me on a Strato VPS with Ubuntu 22.04.
Code: 
[ext-firewall]
confirmTimeout = 120 ; the timeout in seconds before the configuration is rolled back
confirmTimeoutCli = 120 ; the timeout in seconds for the --confirm CLI command

Thanks for the detailled troubleshooting by the way.
 
wasiwarez said:
Hi everybody. I can confirm that increasing the timeout both to 120 seconds inside the panel.ini solved the issue for me on a Strato VPS with Ubuntu 22.04.
Code: 
[ext-firewall]
confirmTimeout = 120 ; the timeout in seconds before the configuration is rolled back
confirmTimeoutCli = 120 ; the timeout in seconds for the --confirm CLI command

Thanks for the detailled troubleshooting by the way.
Click to expand...
I am also on Strato VPS with Ubuntu 22.04, and I cannot confirm that setting the timeout values to 120 solved the problem.
I already ran into the issue a few months ago and could only get the firewall back to work by reverting to a backup.
Today I tried again, but the issue still doesn't seem to be solved.
I did stop the fail2ban service, removed the plesk firewall extension, re-installed the firewall extension and tried to enable the firewall without success.
Then I added the confirmTimeout entries to the panel.ini and did set them both to 120.
When I tried to enable the Firewall protection I got the applet which says "Applying the firewall configuration" running for about 2 minutes, until it came back with:
Failed to apply the firewall configuration.
Command '['/usr/local/psa/var/modules/firewall/firewall-emergency.sh']' timed out after 5 seconds ???

So the issue is still alive after more than 6 months.
 
Update:
I did a systemctl status plesk-firewall and found it was not running after re-installing the extension.
When I started it via systemctl start plesk-firewall, enabling the Firewall protection from the GUI ran successfully.
 
Hi,
we have the same problem and our solution was change the iptables binaries with

Code: 
update-alternatives --config iptables
Es gibt 2 Auswahlmöglichkeiten für die Alternative iptables (welche /usr/sbin/iptables bereitstellen).

  Auswahl      Pfad                       Priorität Status
------------------------------------------------------------
* 0            /usr/sbin/iptables-nft      20        automatischer Modus
  1            /usr/sbin/iptables-legacy   10        manueller Modus
  2            /usr/sbin/iptables-nft      20        manueller Modus
to the legacy version.

After this all works fine.
BR, Mario
PS: STRATO VPS with Ubuntu 22.04
 
@w4systems
Great idea, I never thought of this.
I am happy with my custom solution, though, as ipsets allow me to swap ip sets for blacklisting easily without touching the other iptables rules at all.
(see: plesk firewall 2.1.5-412 still has problems)
 
You must log in or register to reply here.

Similar threads

A
Question Some security questions
Replies
2
Views
155
amba1980
A
Azurel
Issue Firewall disabled?
Replies
9
Views
2K
VNick
V
Ehud
Question Possible BUG / Has Plesk CHANGED the Plesk Fire Wall data base configuration, and if so, what is the new one?
Replies
2
Views
684
Ehud
Ehud
M
Issue Can't open Port 25. Please help
Replies
2
Views
363
mhogue
M
I
Issue Mailman - Server not connected
Replies
0
Views
455
ilsuky
I
Back
Top