iptables and plesk

Discussion in 'Plesk for Linux - 8.x and Older' started by tantrileft, Feb 9, 2007.

  1. tantrileft

    tantrileft Guest

    I want to block a LOT of countries with iptables.

    I have to insert something like 3000 lines of iptables commands.

    I tried manually with a bash script and iptables crashed. (Even if it had not crashed, it would have been useless, because Plesk would then have overwritten the tables.)

    I have seen that Plesk stores all the data about the iptables rules in a MySQL db.

    May I have a SQL script to insert the rules I want (3000 of them) into the MySQL psa db without having iptables crash and without any problem?

    Is there no way to use iptables-save/restore with Plesk iptables?


  2. atomicturtle

    atomicturtle Golden Pleskian

    I'd just turn the psa firewall off then. It's really just a web GUI on the same thing, and can't really do anything particularly powerful with netfilter. I'm running around 30,000 rules on my systems, so I can definitely say it can handle that many (and more, all documented in my book).

    Quick and dirty script to do what you want here:

    1) make a file, list the networks or hosts you want to block. One per line. Call it: shunlist, put it in /etc/rc.d

    2) The script, or function to add to your firewall script:


    SHUNLIST=/etc/rc.d/shunlist   # the file from step 1
    for i in `cat $SHUNLIST`; do
        iptables -A INPUT -s $i -j DROP
    done

    And that's it
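
The loop above starts one iptables process per entry; the same shun list can instead be converted to iptables-restore input and loaded in a single call, which is the iptables-save/restore route asked about in the first post. This is an added example, not code from the thread: the SHUN chain name is an assumption, and it presumes the psa firewall module is off as suggested above so Plesk does not rewrite the tables.

```shell
#!/bin/sh
# Added example, not from the thread. SHUN is a hypothetical chain name.
SHUNLIST=${SHUNLIST:-/etc/rc.d/shunlist}   # path from the post above

# Print iptables-restore input for the shun list in $1.
# Blank lines and '#' comments are ignored; an entry that is not an IPv4
# address or CIDR network is reported on stderr and left out of the rules.
build_shun_rules() {
    awk '
    BEGIN { print "*filter"; print ":SHUN - [0:0]" }
    { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }
    $0 == "" { next }
    {
        n = split($0, p, "/")
        ok = (n == 1 || n == 2)
        if (ok && n == 2) ok = (p[2] ~ /^[0-9][0-9]?$/ && p[2] + 0 <= 32)
        if (ok) ok = (split(p[1], o, /\./) == 4)
        for (k = 1; ok && k <= 4; k++)
            ok = (o[k] ~ /^[0-9][0-9]?[0-9]?$/ && o[k] + 0 <= 255)
        if (!ok) { print "skipping invalid entry: " $0 | "cat 1>&2"; next }
        print "-A SHUN -s " $0 " -j DROP"
    }
    END { print "COMMIT" }
    ' "$1"
}

# Load all rules with a single iptables-restore call (needs root).
# --noflush leaves the rules already in the filter table in place.
load_shun_rules() {
    build_shun_rules "$1" | iptables-restore --noflush
}

# --print shows what would be loaded; --apply loads it.
case "${1:-}" in
    --print) build_shun_rules "$SHUNLIST" ;;
    --apply) load_shun_rules "$SHUNLIST" ;;
esac
```

INPUT still needs one jump into the chain, added once: `iptables -I INPUT -j SHUN`.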
  3. tantrileft

    tantrileft Guest

    By "turning off" the psa firewall, do you mean removing the firewall module?
    Would this have no effect on the standard iptables (not psa) on the machine?


  4. albans

    albans Regular Pleskian

    I personally removed the firewall module and I can still use iptables.
  5. tantrileft

    tantrileft Guest

    Thanks. I was also thinking about another solution: inserting the rules directly into the psa database. But I see that the rules seem encrypted...

    INSERT INTO `module_firewall_rules` (`id`, `configuration_id`, `direction`, `priority`, `object`) VALUES
    (19, 1, 0, 0, 0x613a343a7b733a343a2274797065223b733a383a226361746368616c6c223b733a353a22636c617373223b733a383a226361746368616c6c223b733a393a22646972656374696f6e223b733a353a22696e707574223b733a363a22616374696f6e223b733a353a22616c6c6f77223b7d),

    Is "object" the rule? How to encrypt it like that?