
Firewall Module Update

Discussion in 'Plesk for Linux - 8.x and Older' started by voodoochile, May 4, 2005.

  1. voodoochile

    voodoochile Guest

    0
     
    Small request here. Can the firewall module be updated to allow port ranges?

    The scenario I'm in right now is such. If I use the Firewall module, I can get pretty decent control over the firewall on my Plesk boxes, with one exception. Rolloff ports for Passive FTP. If I were to use your module to set this up, it would take approximately 500 individual rules to allow my customers that have to use passive FTP to be able to roll off to the passive ports. (I hardset the passive ports the clients can use in the proftpd.conf file, and give them a range of 8500-9000.) Now, whenever PSA updates the firewall rules, it overwrites the rule that I have to add by hand and tech support lights up with people unable to FTP.

    While the tool has a lot of potential, this one feature makes it somewhat worthless in a virtual hosting environment. It'd be a pretty simple table and code update, so I don't think this should be a big deal to add?

    Thanks!
     
  2. hardweb

    hardweb Guest

    0
     
    You can use the ip_conntrack_ftp module in order to solve the problem with the passive FTP.
     
  3. voodoochile

    voodoochile Guest

    0
     
    No I can't, I run BSD.

    Just add the 30 second fix to your firewall module so we can do this the proper way across all of the OSes.
     
  4. voodoochile

    voodoochile Guest

    0
     
    My bad, I just saw you're not a PSA rep. =) But yeah, I figured out the best way to fix it is to just not use it, now I need to figure out how to keep it from trying to enforce a full open policy on the box every time it restarts. =\
     
  5. jamesyeeoc

    jamesyeeoc Guest

    0
     
    The only way is to uninstall the module or it will override any of your iptables settings. Confirmed with PSA via email last week.
     
  6. voodoochile

    voodoochile Guest

    0
     
    Yep, that's what I ended up doing. It'd be nice to have 'em work, and I'll probably check it out when they update it.

    Now it'd be interesting to see them include support for the firewall module in Plesk Expand. Enforcing firewall policies across all servers at once, mmmmm.
     
  7. jamesyeeoc

    jamesyeeoc Guest

    0
     
    I wouldn't mind theirs if they were more flexible on inputting IPs and especially if they would have an 'import'/'export' feature to read/write standard iptables-like text files.

    For me to have to use their interface and re-enter the hundreds of blocked IPs and ranges would just be too much. There are other limitations posted in the forum as well from other people.
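
The failure described in the first post, where a panel-driven rewrite of the rule set drops the hand-added passive FTP range, can be caught with a check like the one below. It is an added example, not part of the thread or of Plesk's code; it assumes a Linux host and `iptables-save`-style rule text, and the sample config and rule sets are constructed.

```python
import re

# Constructed sample inputs: a proftpd.conf fragment and two iptables-save dumps.
PROFTPD_CONF = 'ServerName "example"\nPassivePorts 8500 9000\n'
RULES_AFTER_REWRITE = """\
*filter
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j DROP
COMMIT
"""
RANGE_RULE = "-A INPUT -p tcp -m tcp --dport 8500:9000 -j ACCEPT\n"
RULES_WITH_RANGE = RULES_AFTER_REWRITE.replace("-A INPUT -j DROP", RANGE_RULE + "-A INPUT -j DROP")

def passive_range(conf_text):
    """Return (low, high) from ProFTPD's PassivePorts directive, or None."""
    m = re.search(r"^\s*PassivePorts\s+(\d+)\s+(\d+)\s*$", conf_text, re.M | re.I)
    return (int(m.group(1)), int(m.group(2))) if m else None

def accepted_tcp_ranges(rules_text, chain="INPUT"):
    """TCP port ranges accepted from any source before a catch-all deny."""
    ranges = []
    for line in rules_text.splitlines():
        tok = line.split()
        if tok[:2] != ["-A", chain]:
            continue
        if tok[2:] in (["-j", "DROP"], ["-j", "REJECT"]):
            break  # catch-all deny: rules after it never match
        if tok[-2:] != ["-j", "ACCEPT"] or "-s" in tok or "tcp" not in tok:
            continue  # skip non-ACCEPT, source-restricted and non-TCP rules
        for flag in {"--dport", "--dports"} & set(tok):
            for part in tok[tok.index(flag) + 1].split(","):
                lo, _, hi = part.partition(":")
                ranges.append((int(lo), int(hi or lo)))
    return ranges

def uncovered_ports(conf_text, rules_text):
    """Passive ports declared in proftpd.conf that no ACCEPT rule covers."""
    rng = passive_range(conf_text)
    if rng is None:
        return []
    lo, hi = rng
    covered = set()
    for a, b in accepted_tcp_ranges(rules_text):
        covered.update(range(max(a, lo), min(b, hi) + 1))
    return [p for p in range(lo, hi + 1) if p not in covered]

if __name__ == "__main__":
    print(len(uncovered_ports(PROFTPD_CONF, RULES_AFTER_REWRITE)), "passive ports blocked")
```

Run against the live output of `iptables-save` after each panel update, a non-empty result means passive FTP clients will fail until the range rule is restored.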
     