Firewall Module Update

voodoochile

Guest
Small request here. Can the firewall module be updated to allow port ranges?

The scenario I'm in right now is such. If I use the Firewall module, I can get pretty decent control over the firewall on my Plesk boxes, with one exception. Rolloff ports for Passive FTP. If I were to use your module to set this up, it would take approximately 500 individual rules to allow my customers that have to use passive FTP to be able to roll off to the passive ports. (I hardset the passive ports the clients can use in the proftpd.conf file, and give them a range of 8500-9000.) Now, whenever PSA updates the firewall rules, it overwrites the rule that I have to add by hand and tech support lights up with people unable to FTP.

While the tool has a lot of potential, this one feature makes it somewhat worthless in a virtualhosting environment. It'd be a pretty simple table and code update, so I don't think this should be a big deal to add?

Thanks!
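An added example, not part of the original post or of Plesk: a drift check that compares the `PassivePorts` range in proftpd.conf against the TCP ports a ruleset accepts, so an overwritten range rule is caught before customers report it. It assumes Linux `iptables-save` text as the rule format (a BSD box would need its own rule parser); the sample config and rulesets are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample inputs, not taken from any server in the thread.
PROFTPD_CONF = 'ServerName "example"\n# PassivePorts 1 2\nPassivePorts 8500 9000\n'
BASE = "*filter\n:INPUT DROP [0:0]\n-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT\n"
RULES_OK = BASE + "-A INPUT -p tcp -m tcp --dport 8500:9000 -j ACCEPT\nCOMMIT\n"
# Ruleset after a regeneration replaced the hand-added range with a partial list.
RULES_OVERWRITTEN = (BASE + "-A INPUT -p tcp -m multiport "
                     "--dports 8500,8501:8510 -j ACCEPT\nCOMMIT\n")


def passive_range(conf_text):
    """Return (low, high) from the ProFTPD PassivePorts directive, or None."""
    m = re.search(r"^\s*PassivePorts\s+(\d+)\s+(\d+)", conf_text, re.M | re.I)
    return (int(m.group(1)), int(m.group(2))) if m else None


def accepted_tcp_ports(rules_text):
    """Collect TCP ports accepted on INPUT via --dport or multiport --dports."""
    ports = set()
    for line in rules_text.splitlines():
        line = line.strip()
        # Only plain INPUT/tcp/ACCEPT rules; negated matches are skipped.
        if not (line.startswith("-A INPUT") and "-p tcp" in line
                and line.endswith("-j ACCEPT") and "!" not in line):
            continue
        m = re.search(r"--dports?\s+(\S+)", line)
        if not m:
            continue
        for part in m.group(1).split(","):
            lo, _, hi = part.partition(":")      # "8500:9000" or "21"
            ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def uncovered_passive_ports(conf_text, rules_text):
    """Passive ports ProFTPD may hand out that the ruleset does not accept."""
    rng = passive_range(conf_text)
    if rng is None:
        return []
    allowed = accepted_tcp_ports(rules_text)
    return [p for p in range(rng[0], rng[1] + 1) if p not in allowed]


if __name__ == "__main__":
    for name, rules in (("ok", RULES_OK), ("overwritten", RULES_OVERWRITTEN)):
        gap = uncovered_passive_ports(PROFTPD_CONF, rules)
        print(name, "uncovered:", len(gap), gap[:1], gap[-1:])
```

The check looks only at which ports have an ACCEPT rule; it does not model rule ordering, source restrictions or jumps to other chains.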
 
You can use the ip_conntrack_ftp module in order to solve the problem with the passive FTP.
 
No I can't, I run BSD.

Just add the 30 second fix to your firewall module so we can do this the proper way across all of the OSes.
 
My bad, I just saw you're not a PSA rep. =) But yeah, I figured out the best way to fix it is to just not use it, now I need to figure out how to keep it from trying to enforce a full open policy on the box every time it restarts. =\
 
Originally posted by voodoochile
<snip> now I need to figure out how to keep it from trying to enforce a full open policy on the box every time it restarts. =\

The only way is to uninstall the module or it will override any of your iptables settings. Confirmed with PSA via email last week.
 
Yep, that's what I ended up doing. It'd be nice to have 'em work, and I'll probably check it out when they update it.

Now it'd be interesting to see them include support for the firewall module in Plesk Expand. Enforcing firewall policies across all servers at once, mmmmm.
 
I wouldn't mind theirs if they were more flexible on inputting IPs and especially if they would have an 'import'/'export' feature to read/write standard iptables like text files.

For me to have to use their interface and re-enter the hundreds of blocked IPs and ranges would just be too much. There are other limitations posted in the forum as well from other people.
 