• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Question How can I use the 'Plesk Firewall' and 'Fail2Ban' Extensions, when I have a Dynamic IP Address?

C

Craig1986

Basic Pleskian
Recently, I decided to install the Plesk Extension: 'Plesk Firewall'. Upon installation, I set the Global Policy to deny all incoming connections. I then created the overriding rule to accept connections from my IP address.

Initially, this worked fine. Anyone not coming from my IP address, could not successfully log into the Plesk Control Panel. Having a dynamic IP address, I was sometimes prevented login myself. This was okay, as I could simply access the server via SSH, in order to insert my new IP acceptance rule.

A few days went by, where I needed to add my new IP Address to the server. Again, I went to submit my newly changed IP address via SSH. This time, however, I am unable to connect. I had both 'Mod Security & Fail2ban' and the Plesk Firewall. The only way to regain access to my VPS, was to Rebuild the VPS and upload a Backup.

I believe the reason for this is that the aforementioned Extensions are blocking my access attempts, whenever my IP address changes. Is there a way around this or is it a case of not being able to have these Extensions installed, in the event of having a dynamic IP address?
 
Your ISP should allow you to access the machine by "console" which directly accesses the screen output and HID-hardware thus circumventing the IP ban. Or you just have to wait until the fail2ban releases your ban. This depends on your fail2ban configuration.

I have set up the following system of scripts (I was young and needed the money! :)):
On port 443 I made a "secret" php-script that dumps the current IP address to a file
In a cron job running as admin I'm checking this file for changes and upon detection I add a rule to the top of the iptables firewall rule list.

So, when I got booted I just had to call that script and 1 minute later access to all services was regained.
 
Just a quick note that our Juggernaut Firewall extension fully supports whitelisting dynamic IP addresses.
 
You must log in or register to reply here.

Similar threads

J
Question Enable DNS Caching with Plesk Firewall extension in use
Replies
1
Views
486
Kaspar
K
Jürgen_T
Issue How to properly configure Fail2Ban for ModSecurity in Plesk with NGINX?
Replies
5
Views
628
klodoma
K
T
Issue Unbanning some IP addresses causes the server to be unresponsive
Replies
4
Views
958
TurabG
T
N
Question add IP Addresses to the Firewall module in bulk using import and export function?
Replies
4
Views
3K
nikketrikke
N
E
Issue How to whitelist IP address in New plesk 18.0.6
Replies
9
Views
1K
exploremalaysia
E
Back
Top