• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question How can I use the 'Plesk Firewall' and 'Fail2Ban' Extensions, when I have a Dynamic IP Address?

C

Craig1986

Basic Pleskian
Recently, I decided to install the Plesk Extension: 'Plesk Firewall'. Upon installation, I set the Global Policy to deny all incoming connections. I then created the overriding rule to accept connections from my IP address.

Initially, this worked fine. Anyone not coming from my IP address, could not successfully log into the Plesk Control Panel. Having a dynamic IP address, I was sometimes prevented login myself. This was okay, as I could simply access the server via SSH, in order to insert my new IP acceptance rule.

A few days went by, where I needed to add my new IP Address to the server. Again, I went to submit my newly changed IP address via SSH. This time, however, I am unable to connect. I had both 'Mod Security & Fail2ban' and the Plesk Firewall. The only way to regain access to my VPS, was to Rebuild the VPS and upload a Backup.

I believe the reason for this is that the aforementioned Extensions are blocking my access attempts, whenever my IP address changes. Is there a way around this or is it a case of not being able to have these Extensions installed, in the event of having a dynamic IP address?
 
Your ISP should allow you to access the machine by "console" which directly accesses the screen output and HID-hardware thus circumventing the IP ban. Or you just have to wait until the fail2ban releases your ban. This depends on your fail2ban configuration.

I have set up the following system of scripts (I was young and needed the money! :)):
On port 443 I made a "secret" php-script that dumps the current IP address to a file
In a cron job running as admin I'm checking this file for changes and upon detection I add a rule to the top of the iptables firewall rule list.

So, when I got booted I just had to call that script and 1 minute later access to all services was regained.
 
Just a quick note that our Juggernaut Firewall extension fully supports whitelisting dynamic IP addresses.
 
You must log in or register to reply here.

Similar threads

T
Issue Unbanning some IP addresses causes the server to be unresponsive
Replies
4
Views
317
TurabG
T
N
Question add IP Addresses to the Firewall module in bulk using import and export function?
Replies
3
Views
514
Kaspar
K
S
Issue Directadmin to Plesk Migration problem
Replies
8
Views
1K
Peter Debik
P
A
Resolved Plesk Firewall and Samba
2
Replies
22
Views
839
Raul A.
R
S
Question Plesk and MySQL Connectivity Issues with IP Address 192.168.0.1
Replies
2
Views
6K
sofiasovel
S
Back
Top