
Firewall Module Update

voodoochile

Guest
Small request here. Can the firewall module be updated to allow port ranges?

The scenario I'm in right now is such. If I use the Firewall module, I can get pretty decent control over the firewall on my Plesk boxes, with one exception. Rolloff ports for Passive FTP. If I were to use your module to set this up, it would take approximately 500 individual rules to allow my customers that have to use passive FTP to be able to roll off to the passive ports. (I hardset the passive ports the clients can use in the proftpd.conf file, and give them a range of 8500-9000.) Now, whenever PSA updates the firewall rules, it overwrites the rule that I have to add by hand and tech support lights up with people unable to FTP.

While the tool has a lot of potential, this one feature makes it somewhat worthless in a virtualhosting environment. It'd be a pretty simple table and code update, so I don't think this should be a big deal to add?

Thanks!
 
You can use the ip_conntrack_ftp module in order to solve the problem with the passive FTP.
 
No I can't, I run BSD.

Just add the 30 second fix to your firewall module so we can do this the proper way across all of the OSes.
 
My bad, I just saw you're not a PSA rep. =) But yeah, I figured out the best way to fix it is to just not use it, now I need to figure out how to keep it from trying to enforce a full open policy on the box every time it restarts. =\
 
Originally posted by voodoochile
<snip> now I need to figure out how to keep it from trying to enforce a full open policy on the box every time it restarts. =\

The only way is to uninstall the module or it will override any of your iptables settings. Confirmed with PSA via email last week.
 
Yep, that's what I ended up doing. It'd be nice to have 'em work, and I'll probably check it out when they update it.

Now it'd be interesting to see them include support for the firewall module in Plesk Expand. Enforcing firewall policies across all servers at once, mmmmm.
 
I wouldn't mind theirs if they were more flexible on inputting IPs and especially if they would have an 'import'/'export' feature to read/write standard iptables like text files.

For me to have to use their interface and re-enter the hundreds of blocked IPs and ranges would just be too much. There are other limitations posted in the forum as well from other people.
 