
iptables and plesk

Discussion in 'Plesk for Linux - 8.x and Older' started by tantrileft, Feb 9, 2007.

  1. tantrileft

    I want to block a LOT of countries with iptables.

    I have to insert something like 3000 lines of iptables commands.

    I tried manually with a bash script and iptables crashed. (Even if it had not crashed, it would have been useless, because Plesk would then have overwritten the tables.)

    I have seen that Plesk stores all the data about the iptables rules in the MySQL db.

    May I have an SQL script to insert the rules I want (3000 of them) into the MySQL psa db without having iptables crash and without any problem?

    Is there not a way to use iptables-save/restore with Plesk iptables?

    Thanks

    stefano
     
  2. atomicturtle

    I'd just turn the psa firewall off then. It's really just a web GUI on the same thing, and can't really do anything particularly powerful with netfilter. I'm running around 30,000 rules on my systems, so I can definitely say it can handle that many (and more, all documented in my book).

    Quick and dirty script to do what you want here:

    1) Make a file, list the networks or hosts you want to block. One per line. Call it: shunlist, put it in /etc/rc.d

    2) The script, or function to add to your firewall script:

    #!/bin/sh
    # List of networks or hosts to block, one per line
    SHUNLIST=/etc/rc.d/shunlist

    # Append one DROP rule to the INPUT chain per entry
    for i in $(cat "$SHUNLIST"); do
        iptables -A INPUT -s "$i" -j DROP
    done

    And that's it
     
  3. tantrileft

    By "turning off" psa firewall you mean to remove the firewall module?
    Would this have no effects on the standard iptables (not psa) on the machine?

    Thanks!!!

     
  4. albans

    I personally removed the firewall module and I can still use iptables.
     
  5. tantrileft

    Thanks.. I was also thinking about another solution: inserting the rules directly in the psa database. But I see that the rules seem encrypted...

    INSERT INTO `module_firewall_rules` (`id`, `configuration_id`, `direction`, `priority`, `object`) VALUES
    (19, 1, 0, 0, 0x613a343a7b733a343a2274797065223b733a383a226361746368616c6c223b733a353a22636c617373223b733a383a226361746368616c6c223b733a393a22646972656374696f6e223b733a353a22696e707574223b733a363a22616374696f6e223b733a353a22616c6c6f77223b7d),


    Is "object" the rule? How to encrypt it like that?
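
The `object` value in the INSERT above is the hexadecimal form of a PHP `serialize()` string, not ciphertext. The Python sketch below is an added example, not part of the original thread or of Plesk's code; it decodes the posted literal and re-encodes it to show that no key is involved. The function names are hypothetical, and only the string and array types that appear in the posted row are handled.

```python
# Added example (not Plesk code): decode the `object` value quoted in the post.
# Hex copied from the INSERT above, 0x prefix dropped, split per element.
OBJECT_HEX = (
    "613a343a7b"
    "733a343a2274797065223b" "733a383a226361746368616c6c223b"
    "733a353a22636c617373223b" "733a383a226361746368616c6c223b"
    "733a393a22646972656374696f6e223b" "733a353a22696e707574223b"
    "733a363a22616374696f6e223b" "733a353a22616c6c6f77223b"
    "7d"
)

def _parse(buf, pos):
    """Parse one PHP-serialized string or array at buf[pos]; return (value, next_pos)."""
    tag = buf[pos:pos + 2]
    if tag not in (b"s:", b"a:"):
        raise ValueError("unsupported tag %r at offset %d" % (tag, pos))
    colon = buf.index(b":", pos + 2)
    size = int(buf[pos + 2:colon])          # byte length (s) or pair count (a)
    if tag == b"s:":                        # s:<bytes>:"<data>";
        end = colon + 2 + size
        if buf[colon + 1:colon + 2] != b'"' or buf[end:end + 2] != b'";':
            raise ValueError("malformed string at offset %d" % pos)
        return buf[colon + 2:end].decode("utf-8"), end + 2
    if buf[colon + 1:colon + 2] != b"{":    # a:<count>:{<key><value>...}
        raise ValueError("malformed array at offset %d" % pos)
    pos, result = colon + 2, {}
    for _ in range(size):
        key, pos = _parse(buf, pos)
        result[key], pos = _parse(buf, pos)
    if buf[pos:pos + 1] != b"}":
        raise ValueError("unterminated array at offset %d" % pos)
    return result, pos + 1

def decode_object(hex_text):
    """Turn the column's hex (with or without 0x) into a Python dict."""
    raw = bytes.fromhex(hex_text[2:] if hex_text.startswith("0x") else hex_text)
    value, end = _parse(raw, 0)
    if end != len(raw):
        raise ValueError("trailing bytes after serialized value")
    return value

def encode_object(rule):
    """Re-serialize a flat dict of strings to the same hex form."""
    def s(text):
        raw = text.encode("utf-8")
        return b's:%d:"%s";' % (len(raw), raw)
    body = b"".join(s(k) + s(v) for k, v in rule.items())
    return (b"a:%d:{%s}" % (len(rule), body)).hex()

if __name__ == "__main__":
    print(decode_object(OBJECT_HEX))
```

Whether Plesk accepts hand-written rows in `module_firewall_rules` is not established anywhere in this thread; the example only shows how the stored value is encoded.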
     