plesk 12.5.3 Firewall rule

[nantucket]

I am having and issue that when ever I add a custom rule to the firewall such as a rule allow ip xx.xxx.xxx.xxx that when i preview the code there is a deny tcp anywhere , anywhere injected under the rule. This happens to every custom rule i add.

I can confirm this in the firewall-active.sh and on the Iptables. looking in to the plesk database I can see the deny injected after the custom rules but i don't have a clue where or how it is being introduced. This is a fresh install on a new server.

 

[Will-NYESDigital]

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

Parallels Plesk Panel 12.5 MU #8 CentOS 6.4 (Final) 64bit



PROBLEM DESCRIPTION
We are having exactly the same issue with the same version of Plesk, adding a "deny" custom rule denies all incoming traffic rather than just the single IP we are trying to block


STEPS TO REPRODUCE
Add or edit a custom rule in the Firewall - allowing or denying a specific IP address


ACTUAL RESULT
Firewall denies all incoming traffic, so nobody can access their websites from any location (blocks DNS as well)


EXPECTED RESULT
Service should continue as normal with just the specified IP address blocked


ANY ADDITIONAL INFORMATION

 

[Will-NYESDigital]

Update : We have logged this issue with Odin and they have confirmed there is a bug in the firewall that creates a full deny when adding single IP addres custom rules. They have managed to replicate this issue on their test server as well as ours.

 

[Kr1s]

Experienced same issue today on the 12.5 plesk. As soon as I added IP which was allowed to all ports, everything else got banned from server.

Is there any ETA for fix/patch ?

 

[Will-NYESDigital]

We were told the issue has been sent to the development team to be fixed but we have no further info at the moment

 

[Will-NYESDigital]

Another thread has been created for this, but it has now happened on 2 more of our servers since going to MU 10
http://talk.plesk.com/threads/plesk...stom-rules-add-unnecessary-drop-rules.334277/