• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Opensuse 11.4 - Error: Could not activate firewall configuration:

U

UdoGath

Guest
Hi!

I have 2 Server with Opensuse 11.4 & Plesk Panel 10.4.4!
On both Servers I get the following error when I try to activate the Firewall Configuration:

Code: 
Error: Could not activate firewall configuration:

safeact: safeact: /usr/local/psa/var/modules/firewall/firewall-new.sh failed:
/usr/local/psa/var/modules/firewall/firewall-new.sh: line 8: /proc/sys/net/ipv4/ip_forward: Read-only file system

I had the same Problem with Plesk 10.2 (before upgrading to 10.4.4) on one of the two Servers. On the second Server is a fresh 10.4.4 installation.

cu
 
Looks like that it is related to some problems with /proc mounting or to something on kernel level.
 
And what can I do now?
Is Plesk Panel 10.x incompatible with Suse 11.4?
 
Yes I have default fresh Suse installation on both Strato V-Servers, without any customizations...
For the Plesk installation I used the Plesk Auto-Installer.
 
---------------------------------------------------------------
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE
Parallels Plesk Panel v10.4.4_build1013111102.18 os_SuSE 11.4
Linux 2.6.18-028stab091.2
AuthenticAMD, Quad-Core AMD Opteron(tm) Processor 2347 HE - Strato V-Server

PROBLEM DESCRIPTION
Error: Could not activate firewall configuration

STEPS TO REPRODUCE
- Install Opensuse 11.4
- Install Plesk Panel 10.4
- Change Firewall Settings
- Try to activate the new settings

ACTUAL RESULT
Code: 
Error: Could not activate firewall configuration:

safeact: safeact: /usr/local/psa/var/modules/firewall/firewall-new.sh failed:
/usr/local/psa/var/modules/firewall/firewall-new.sh: line 8: /proc/sys/net/ipv4/ip_forward: Read-only file system"

firewall-new.sh:
Code: 
#!/bin/sh
#
# Automatically generated by Plesk netconf
#

set -e

echo 0 > /proc/sys/net/ipv4/ip_forward
([ -f /var/lock/subsys/ipchains ] && /etc/init.d/ipchains stop) >/dev/null 2>&1 || true
(rmmod ipchains) >/dev/null 2>&1 || true
/usr/sbin/iptables -F
/usr/sbin/iptables -X
/usr/sbin/iptables -Z
/usr/sbin/ip6tables -F
/usr/sbin/ip6tables -X
/usr/sbin/ip6tables -Z
/usr/sbin/iptables -P INPUT DROP
/usr/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/usr/sbin/iptables -A INPUT -p tcp ! --syn -j REJECT --reject-with tcp-reset
/usr/sbin/iptables -A INPUT -m state --state INVALID -j DROP
/usr/sbin/iptables -P OUTPUT DROP
/usr/sbin/iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/usr/sbin/iptables -A OUTPUT -p tcp ! --syn -j REJECT --reject-with tcp-reset
/usr/sbin/iptables -A OUTPUT -m state --state INVALID -j DROP
/usr/sbin/iptables -P FORWARD DROP
/usr/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
/usr/sbin/iptables -A FORWARD -p tcp ! --syn -j REJECT --reject-with tcp-reset
/usr/sbin/iptables -A FORWARD -m state --state INVALID -j DROP
/usr/sbin/ip6tables -P INPUT DROP
/usr/sbin/ip6tables -P OUTPUT DROP
/usr/sbin/ip6tables -P FORWARD DROP
/usr/sbin/iptables -A INPUT -i lo  -j ACCEPT
/usr/sbin/iptables -A OUTPUT -o lo -j ACCEPT
/usr/sbin/iptables -A FORWARD -i lo -o lo -j ACCEPT
/usr/sbin/iptables -t mangle -F
/usr/sbin/iptables -t mangle -X
/usr/sbin/iptables -t mangle -Z
/usr/sbin/ip6tables -t mangle -F
/usr/sbin/ip6tables -t mangle -X
/usr/sbin/ip6tables -t mangle -Z
/usr/sbin/iptables -t mangle -P PREROUTING ACCEPT
/usr/sbin/iptables -t mangle -P OUTPUT ACCEPT
/usr/sbin/ip6tables -t mangle -P PREROUTING ACCEPT
/usr/sbin/ip6tables -t mangle -P OUTPUT ACCEPT
/usr/sbin/iptables -t mangle -P INPUT ACCEPT
/usr/sbin/iptables -t mangle -P FORWARD ACCEPT
/usr/sbin/iptables -t mangle -P POSTROUTING ACCEPT
/usr/sbin/ip6tables -t mangle -P INPUT ACCEPT
/usr/sbin/ip6tables -t mangle -P FORWARD ACCEPT
/usr/sbin/ip6tables -t mangle -P POSTROUTING ACCEPT
/usr/sbin/iptables -t nat -F
/usr/sbin/iptables -t nat -X
/usr/sbin/iptables -t nat -Z
/usr/sbin/iptables -t nat -P PREROUTING ACCEPT
/usr/sbin/iptables -t nat -P OUTPUT ACCEPT
/usr/sbin/iptables -t nat -P POSTROUTING ACCEPT

/usr/sbin/iptables -A INPUT -p tcp --dport 25 -s 178.46.34.240 -j DROP
/usr/sbin/ip6tables -A INPUT -p tcp --dport 25 -s ::ffff:178.46.34.240 -j DROP

/usr/sbin/iptables -A INPUT -p tcp --dport 12443 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 12443 -j ACCEPT

/usr/sbin/iptables -A INPUT -p tcp --dport 11443 -j ACCEPT
/usr/sbin/iptables -A INPUT -p tcp --dport 11444 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 11443 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 11444 -j ACCEPT

/usr/sbin/iptables -A INPUT -p tcp --dport 8447 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 8447 -j ACCEPT

/usr/sbin/iptables -A INPUT -p tcp --dport 8443 -j ACCEPT
/usr/sbin/iptables -A INPUT -p tcp --dport 8880 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 8443 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 8880 -j ACCEPT

/usr/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
/usr/sbin/iptables -A INPUT -p tcp --dport 443 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 80 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 443 -j ACCEPT

/usr/sbin/iptables -A INPUT -p tcp --dport 21 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 21 -j ACCEPT

/usr/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT

/usr/sbin/iptables -A INPUT -p tcp --dport 587 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 587 -j ACCEPT

/usr/sbin/iptables -A INPUT -p tcp --dport 25 -j ACCEPT
/usr/sbin/iptables -A INPUT -p tcp --dport 465 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 25 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 465 -j ACCEPT

/usr/sbin/iptables -A INPUT -p tcp --dport 110 -j ACCEPT
/usr/sbin/iptables -A INPUT -p tcp --dport 995 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 110 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 995 -j ACCEPT

/usr/sbin/iptables -A INPUT -p tcp --dport 143 -j ACCEPT
/usr/sbin/iptables -A INPUT -p tcp --dport 993 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 143 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 993 -j ACCEPT

/usr/sbin/iptables -A INPUT -p tcp --dport 106 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 106 -j ACCEPT

/usr/sbin/iptables -A INPUT -p tcp --dport 3306 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 3306 -j ACCEPT

/usr/sbin/iptables -A INPUT -p tcp --dport 5432 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 5432 -j ACCEPT

/usr/sbin/iptables -A INPUT -p tcp --dport 9008 -j ACCEPT
/usr/sbin/iptables -A INPUT -p tcp --dport 9080 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 9008 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 9080 -j ACCEPT

/usr/sbin/iptables -A INPUT -p udp --dport 137 -j ACCEPT
/usr/sbin/iptables -A INPUT -p udp --dport 138 -j ACCEPT
/usr/sbin/iptables -A INPUT -p tcp --dport 139 -j ACCEPT
/usr/sbin/iptables -A INPUT -p tcp --dport 445 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p udp --dport 137 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p udp --dport 138 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 139 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 445 -j ACCEPT

/usr/sbin/iptables -A INPUT -p udp --dport 1194 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p udp --dport 1194 -j ACCEPT

/usr/sbin/iptables -A INPUT -p udp --dport 53 -j ACCEPT
/usr/sbin/iptables -A INPUT -p tcp --dport 53 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p udp --dport 53 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p tcp --dport 53 -j ACCEPT

/usr/sbin/iptables -A INPUT -p udp -j ACCEPT
/usr/sbin/iptables -A INPUT -p tcp -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p icmpv6 --icmpv6-type 134/0 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p icmpv6 --icmpv6-type 135/0 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p icmpv6 --icmpv6-type 136/0 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p icmpv6 --icmpv6-type 137/0 -j ACCEPT

/usr/sbin/iptables -A INPUT -p icmp --icmp-type 8/0 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p icmpv6 --icmpv6-type 128/0 -j ACCEPT
/usr/sbin/ip6tables -A INPUT -p icmpv6 --icmpv6-type 129/0 -j ACCEPT

/usr/sbin/iptables -A INPUT -j DROP
/usr/sbin/ip6tables -A INPUT -j DROP

/usr/sbin/iptables -A OUTPUT -j ACCEPT
/usr/sbin/ip6tables -A OUTPUT -j ACCEPT

/usr/sbin/iptables -A FORWARD -j DROP
/usr/sbin/ip6tables -A FORWARD -j DROP

echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /usr/local/psa/var/modules/firewall/ip_forward.active
chmod 644 /usr/local/psa/var/modules/firewall/ip_forward.active
#
# End of script
#

EXPECTED RESULT
Activated Firewall configuration

ANY ADDITIONAL INFORMATION
I have the same Problem on two Strato-V-Servers
1. Server fresh Opensuse 11.4 + Plesk 10.2 Installation had this Problem. I updated to Plesk 10.4.4 and the Problem stays.
2. Server fresh Opensuse 11.4 with fresh Plesk 10.4.4 Installation - same Problem
--------------------------------------------------------------
 
Thank you for detailed report. I have forward it to developers and will update thread with results as soon as I receive them.
 
You must log in or register to reply here.

Similar threads

M
Resolved Failed to apply the firewall configuration
Replies
2
Views
2K
MrPleskLearner
M
xx1Andy1xxx
Issue Plesk Firewall doesn't work !!
Replies
12
Views
2K
Peter Debik
P
A
Question Some security questions
Replies
2
Views
152
amba1980
A
K
Resolved Firewall disabled
2 3
Replies
40
Views
7K
sjhshheuhje
S
C
Issue New Configuration not created
Replies
3
Views
360
Peter Debik
P
Back
Top