---------------------------------------------------------------
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE
Parallels Plesk Panel v10.4.4_build1013111102.18 os_SuSE 11.4
Linux 2.6.18-028stab091.2
AuthenticAMD, Quad-Core AMD Opteron(tm) Processor 2347 HE - Strato V-Server
PROBLEM DESCRIPTION
Error: Could not activate firewall configuration
STEPS TO REPRODUCE
- Install Opensuse 11.4
- Install Plesk Panel 10.4
- Change Firewall Settings
- Try to activate the new settings
ACTUAL RESULT
Code:
Error: Could not activate firewall configuration:
safeact: safeact: /usr/local/psa/var/modules/firewall/firewall-new.sh failed:
/usr/local/psa/var/modules/firewall/firewall-new.sh: line 8: /proc/sys/net/ipv4/ip_forward: Read-only file system"
firewall-new.sh:
Code:
#!/bin/sh
#
# Automatically generated by Plesk netconf
#
set -e
echo 0 > /proc/sys/net/ipv4/ip_forward
([ -f /var/lock/subsys/ipchains ] && /etc/init.d/ipchains stop) >/dev/null 2>&1 || true
(rmmod ipchains) >/dev/null 2>&1 || true
/usr/sbin/iptables -F
/usr/sbin/iptables -X
/usr/sbin/iptables -Z
/usr/sbin/ip6tables -F
/usr/sbin/ip6tables -X
/usr/sbin/ip6tables -Z
/usr/sbin/iptables -P INPUT DROP
/usr/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/usr/sbin/iptables -A INPUT -p tcp ! --syn -j REJECT --reject-with tcp-reset
/usr/sbin/iptables -A INPUT -m state --state INVALID -j DROP
/usr/sbin/iptables -P OUTPUT DROP
/usr/sbin/iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/usr/sbin/iptables -A OUTPUT -p tcp ! --syn -j REJECT --reject-with tcp-reset
/usr/sbin/iptables -A OUTPUT -m state --state INVALID -j DROP
/usr/sbin/iptables -P FORWARD DROP
/usr/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
/usr/sbin/iptables -A FORWARD -p tcp ! --syn -j REJECT --reject-with tcp-reset
/usr/sbin/iptables -A FORWARD -m state --state INVALID -j DROP
/usr/sbin/ip6tables -P INPUT DROP
/usr/sbin/ip6tables -P OUTPUT DROP
/usr/sbin/ip6tables -P FORWARD DROP
/usr/sbin/iptables -A INPUT -i lo -j ACCEPT
/usr/sbin/iptables -A OUTPUT -o lo -j ACCEPT
/usr/sbin/iptables -A FORWARD -i lo -o lo -j ACCEPT
/usr/sbin/iptables -t mangle -F
/usr/sbin/iptables -t mangle -X
/usr/sbin/iptables -t mangle -Z
/usr/sbin/ip6tables -t mangle -F
/usr/sbin/ip6tables -t mangle -X
/usr/sbin/ip6tables -t mangle -Z
/usr/sbin/iptables -t mangle -P PREROUTING ACCEPT
/usr/sbin/iptables -t mangle -P OUTPUT ACCEPT
/usr/sbin/ip6tables -t mangle -P PREROUTING ACCEPT
/usr/sbin/ip6tables -t mangle -P OUTPUT ACCEPT
/usr/sbin/iptables -t mangle -P INPUT ACCEPT
/usr/sbin/iptables -t mangle -P FORWARD ACCEPT
/usr/sbin/iptables -t mangle -P POSTROUTING ACCEPT
/usr/sbin/ip6tables -t mangle -P INPUT ACCEPT
/usr/sbin/ip6tables -t mangle -P FORWARD ACCEPT
/usr/sbin/ip6tables -t mangle -P POSTROUTING ACCEPT
/usr/sbin/iptables -t nat -F
/usr/sbin/iptables -t nat -X
/usr/sbin/iptables -t nat -Z
/usr/sbin/iptables -t nat -P PREROUTING ACCEPT
/usr/sbin/iptables -t nat -P OUTPUT ACCEPT
/usr/sbin/iptables -t nat -P POSTROUTING ACCEPT
/usr/sbin/iptables -A INPUT -p tcp --dport 25 -s 178.46.34.240 -j DROP
/usr/sbin/ip6tables -A INPUT -p tcp --dport 25 -s ::ffff:178.46.34.240 -j DROP
/usr/sbin/iptables -A INPUT -p tcp --dport 12443 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 12443 -j ACCEPT
/usr/sbin/iptables -A INPUT -p tcp --dport 11443 -j ACCEPT
/usr/sbin/iptables -A INPUT -p tcp --dport 11444 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 11443 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 11444 -j ACCEPT
/usr/sbin/iptables -A INPUT -p tcp --dport 8447 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 8447 -j ACCEPT
/usr/sbin/iptables -A INPUT -p tcp --dport 8443 -j ACCEPT
/usr/sbin/iptables -A INPUT -p tcp --dport 8880 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 8443 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 8880 -j ACCEPT
/usr/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
/usr/sbin/iptables -A INPUT -p tcp --dport 443 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 80 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 443 -j ACCEPT
/usr/sbin/iptables -A INPUT -p tcp --dport 21 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 21 -j ACCEPT
/usr/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT
/usr/sbin/iptables -A INPUT -p tcp --dport 587 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 587 -j ACCEPT
/usr/sbin/iptables -A INPUT -p tcp --dport 25 -j ACCEPT
/usr/sbin/iptables -A INPUT -p tcp --dport 465 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 25 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 465 -j ACCEPT
/usr/sbin/iptables -A INPUT -p tcp --dport 110 -j ACCEPT
/usr/sbin/iptables -A INPUT -p tcp --dport 995 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 110 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 995 -j ACCEPT
/usr/sbin/iptables -A INPUT -p tcp --dport 143 -j ACCEPT
/usr/sbin/iptables -A INPUT -p tcp --dport 993 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 143 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 993 -j ACCEPT
/usr/sbin/iptables -A INPUT -p tcp --dport 106 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 106 -j ACCEPT
/usr/sbin/iptables -A INPUT -p tcp --dport 3306 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 3306 -j ACCEPT
/usr/sbin/iptables -A INPUT -p tcp --dport 5432 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 5432 -j ACCEPT
/usr/sbin/iptables -A INPUT -p tcp --dport 9008 -j ACCEPT
/usr/sbin/iptables -A INPUT -p tcp --dport 9080 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 9008 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 9080 -j ACCEPT
/usr/sbin/iptables -A INPUT -p udp --dport 137 -j ACCEPT
/usr/sbin/iptables -A INPUT -p udp --dport 138 -j ACCEPT
/usr/sbin/iptables -A INPUT -p tcp --dport 139 -j ACCEPT
/usr/sbin/iptables -A INPUT -p tcp --dport 445 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p udp --dport 137 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p udp --dport 138 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 139 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 445 -j ACCEPT
/usr/sbin/iptables -A INPUT -p udp --dport 1194 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p udp --dport 1194 -j ACCEPT
/usr/sbin/iptables -A INPUT -p udp --dport 53 -j ACCEPT
/usr/sbin/iptables -A INPUT -p tcp --dport 53 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p udp --dport 53 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 53 -j ACCEPT
/usr/sbin/iptables -A INPUT -p udp -j ACCEPT
/usr/sbin/iptables -A INPUT -p tcp -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p icmpv6 --icmpv6-type 134/0 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p icmpv6 --icmpv6-type 135/0 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p icmpv6 --icmpv6-type 136/0 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p icmpv6 --icmpv6-type 137/0 -j ACCEPT
/usr/sbin/iptables -A INPUT -p icmp --icmp-type 8/0 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p icmpv6 --icmpv6-type 128/0 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p icmpv6 --icmpv6-type 129/0 -j ACCEPT
/usr/sbin/iptables -A INPUT -j DROP
/usr/sbin/ip6tables -A INPUT -j DROP
/usr/sbin/iptables -A OUTPUT -j ACCEPT
/usr/sbin/ip6tables -A OUTPUT -j ACCEPT
/usr/sbin/iptables -A FORWARD -j DROP
/usr/sbin/ip6tables -A FORWARD -j DROP
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /usr/local/psa/var/modules/firewall/ip_forward.active
chmod 644 /usr/local/psa/var/modules/firewall/ip_forward.active
#
# End of script
#
EXPECTED RESULT
Activated Firewall configuration
ANY ADDITIONAL INFORMATION
I have the same Problem on two Strato-V-Servers
1. Server fresh Opensuse 11.4 + Plesk 10.2 Installation had this Problem. I updated to Plesk 10.4.4 and the Problem stays.
2. Server fresh Opensuse 11.4 with fresh Plesk 10.4.4 Installation - same Problem
--------------------------------------------------------------