Question Plesk 17.8 Firewall and default input chain rules

[websavers]

Hey there,

With Plesk 17.5 and earlier our defaults always seemed to be to have the system policy for the INPUT chain to deny all, then rely upon the exceptions Plesk sets up for us to allow traffic. This has always worked great.

But with 17.8 the default appears to have the system policy set to allow all on the input chain. This seems like a bad idea to me -- anything I'm missing about this?

The problem is that when we change it to deny all as the system policy, all traffic that originates on the server and either is headed outbound is *also* denied, causing website loading issues.

Is this last issue the reason why it's allow by default? And if so, what's the deal with it? Why does it behave counterintuitively?

 

[daedparrotsoftware]

We have the same question/issue. I am surprised this has not been answered in 3 months?

 

[Brujo]

Well I have no issues (Ubuntu 16.04 & Centos 7.5) when I deny System policy for incoming traffic

Therefor take into consider to tell the comunity more details about your system OS, Version and is this a fresh installation of onyx or did you upgrade? , do you use IP-V4 only or also IP V6 and the exact issue you have when you deny the policy.

Well sometimes it helps when you remove the firewall component and install it immediately and configure it for your needs