
Issue Nftables disabled but still works

nisamudeen97

Regular Pleskian
Server operating system version
AlmaLinux release 8.10 (Cerulean Leopard)
Plesk version and microupdate number
Plesk Obsidian 18.0.71 Update #2
Hi,

We identified that one of our client's IP addresses was being blocked, but it was not showing in Plesk firewall or Imunify AV firewall, although it was showing as whitelisted in Imunify AV Firewall. The client was unable to access any of the services.

OS version:- AlmaLinux release 8.10 (Cerulean Leopard)

We could see that the nftables service is already disabled. Meanwhile, upon checking, we could see this firewall is working and is actively blocking IPs. How could this happen?
What is the solution to prevent this?

# service nftables status
Redirecting to /bin/systemctl status nftables.service
● nftables.service - Netfilter Tables
Loaded: loaded (/usr/lib/systemd/system/nftables.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Docs: man:nft(8)
 
Maybe iptables is used? That's something you cannot start or stop. Try
# iptables --list -n | less
to see the rules that are filtering traffic.

A banned IP will not have been banned by ImunifyAV, but by Fail2Ban. This is not the "Plesk Firewall", but "Security"->"IP Address Banning".
 
Hi,

I have already checked it. It is not iptables. When checking with the command below, I can see the blocked rule.

nft list ruleset |grep IP-address

Is the Plesk server firewall using nftables even if it is disabled?
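
Added example, not part of the original posts and not Plesk or Imunify code: `nft list ruleset` prints whatever rules are currently loaded in the kernel, whichever program loaded them, so the useful next step after the `grep` above is to see which table and chain (or named set) holds the address. The function below reads the ruleset text on stdin and prints that owner; the sample ruleset, its table names and its addresses are constructed for illustration.

```shell
#!/bin/sh
# Report which nftables table and chain/set mention an address.
# Input is the text of `nft list ruleset` on stdin, so saved output works too.
# Limitation: matches the exact address only, not a CIDR range that covers it.

nft_locate() {   # $1 = address, matched as a whole token
    awk -v ip="$1" '
        # "table <family> <name> {" opens a table
        $1 == "table" && $NF == "{" { table = $2 " " $3; next }
        # "chain <name> {" or "set <name> {" opens a block inside the table
        ($1 == "chain" || $1 == "set") && $NF == "{" { kind = $1; block = $2; next }
        # a lone "}" closes the innermost open block
        $1 == "}" && NF == 1 { if (block != "") block = ""; else table = ""; next }
        {
            line = $0
            gsub(/[{},]/, " ", line)      # set elements are comma separated
            n = split(line, tok, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (tok[i] == ip) {
                    printf "table=%s %s=%s\n", table, kind, block
                    break
                }
        }
    '
}

# Constructed sample ruleset (all names and addresses are made up).
sample_ruleset() {
    cat <<'EOF'
table ip filter {
    chain INPUT {
        type filter hook input priority filter; policy accept;
        ip saddr 198.51.100.7 counter packets 3 bytes 180 drop
    }
}
table inet example_fw {
    set blocklist {
        type ipv4_addr
        elements = { 192.0.2.10,
                     203.0.113.9 }
    }
    chain input {
        type filter hook input priority filter - 5; policy accept;
        ip saddr @blocklist drop
    }
}
EOF
}

sample_ruleset | nft_locate 203.0.113.9
```

On a live server the same function can be fed with `nft list ruleset | nft_locate <address>`; the table name in the result points to the software that owns the rule.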
 