1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

firewall howto

Discussion in 'Plesk for Linux - 8.x and Older' started by mpl232, Jan 25, 2008.

  1. mpl232

    mpl232 Guest

    I'm new to plesk and not really liking the firewall module.
    I need to be able to block entire ranges etc...
    is this possible.
  2. porkchop

    porkchop Guest

    Well, everyone has specific likes and dislikes so - not to criticize your preferences in any way but...

    You didn't say what you disliked about the Plesk firewall. It's actually a flexible and quite powerful tool. It can do the job you need done - blocking a whole range - in just a few clicks. To block an entire range, just enter the range itself and the /8 and you're done.

    I'm assuming that you want to block administrative access to the box, rather than blocking access to the webserver. Perhaps you might wish to consider allowing only certain IP's to the administrative interface, rather than going the other way. It's actually simpler that way if you think about it for a moment.

    As a (typical) example: "I want access to the admin interface from my office, home, and girlfriend's apartment. I also want to be able to ssh in from those locations. No one else should have these access rights"

    OK, let's set up just that scenario:
    1. Go to Server | Modules | Firewall | Edit firewall configuration
    2. Click on "Plesk Administrative Interface"
    3. Select "Allow from selected sources, deny from others"
    4. Input the individual IP's with a /32 at the end, Click OK/Apply etc.

    It's really that simple, and a lot better than blocking all that you don't want. The rule you just created is literally; "Allow from the IP's I put in there and deny from all others" which is a more elegant approach.

    IF you intend to do the same with SSH, do please create an SSH login session first from one of the IP's you want to allow, just in case you accidentally block yourself. (Don't laugh, it's been done before!!)

    Need a custom rule that's not mentioned anywhere in the boilerplate? No problem, Plesk handles that too...
    Go to Server | Modules | Firewall | Edit firewall configuration | Add Custom Rule

    You may also notice in the interface that there is a "revert to the active configuration" which can sometimes be handy to have available.

    Need some Plesk firewall help? No problem! Once inside the firewall module bang on "Help" in the left side navigation column and there's context-specific help. That brings you to a decently written firewall manual. It might not cover everything that you in particular may need, but the forums are also here if (after the requisite RTFM of course) you get into a jam and still need some answers.

    Plesk firewall is a decent tool. For all this writer knows, there might be a better (control panel) firewall tool somewhere, or a better interface - beauty is - after all - in the eyes of the beholder! :D

    Good Luck!

    Regards & HTH,
  3. mpl232

    mpl232 Guest

    It does seem to be quite nice except for the inability to block entire ranges of IPs I do need to completely block ranges of IPs there are quite a few I never want to have access to the server in any form (I'm just not seeing how to do the /8) I've tried various ways but always getting an invalid ip address when I do