• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

firewall howto

M

mpl232

Guest
I'm new to plesk and not really liking the firewall module.
I need to be able to block entire ranges 212.0.0.0/8 etc...
is this possible.
 
I'm new to plesk and not really liking the firewall module.
I need to be able to block entire ranges 212.0.0.0/8 etc...
is this possible.

<caveat>
Well, everyone has specific likes and dislikes so - not to criticize your preferences in any way but...
</caveat>

You didn't say what you disliked about the Plesk firewall. It's actually a flexible and quite powerful tool. It can do the job you need done - blocking a whole range - in just a few clicks. To block an entire range, just enter the range itself and the /8 and you're done.

I'm assuming that you want to block administrative access to the box, rather than blocking access to the webserver. Perhaps you might wish to consider allowing only certain IP's to the administrative interface, rather than going the other way. It's actually simpler that way if you think about it for a moment.

As a (typical) example: "I want access to the admin interface from my office, home, and girlfriend's apartment. I also want to be able to ssh in from those locations. No one else should have these access rights"

OK, let's set up just that scenario:
1. Go to Server | Modules | Firewall | Edit firewall configuration
2. Click on "Plesk Administrative Interface"
3. Select "Allow from selected sources, deny from others"
4. Input the individual IP's with a /32 at the end, Click OK/Apply etc.

It's really that simple, and a lot better than blocking all that you don't want. The rule you just created is literally; "Allow from the IP's I put in there and deny from all others" which is a more elegant approach.

IF you intend to do the same with SSH, do please create an SSH login session first from one of the IP's you want to allow, just in case you accidentally block yourself. (Don't laugh, it's been done before!!)

Need a custom rule that's not mentioned anywhere in the boilerplate? No problem, Plesk handles that too...
Go to Server | Modules | Firewall | Edit firewall configuration | Add Custom Rule

You may also notice in the interface that there is a "revert to the active configuration" which can sometimes be handy to have available.

Need some Plesk firewall help? No problem! Once inside the firewall module bang on "Help" in the left side navigation column and there's context-specific help. That brings you to a decently written firewall manual. It might not cover everything that you in particular may need, but the forums are also here if (after the requisite RTFM of course) you get into a jam and still need some answers.

Plesk firewall is a decent tool. For all this writer knows, there might be a better (control panel) firewall tool somewhere, or a better interface - beauty is - after all - in the eyes of the beholder! :D

Good Luck!

Regards & HTH,
/porky
 
It does seem to be quite nice except for the inability to block entire ranges of IPs I do need to completely block ranges of IPs there are quite a few I never want to have access to the server in any form (I'm just not seeing how to do the /8) I've tried various ways but always getting an invalid ip address when I do
 
Back
Top