websavers
Regular Pleskian
Hey there,
With Plesk 17.5 and earlier our defaults always seemed to be to have the system policy for the INPUT chain to deny all, then rely upon the exceptions Plesk sets up for us to allow traffic. This has always worked great.
But with 17.8 the default appears to have the system policy set to allow all on the input chain. This seems like a bad idea to me -- anything I'm missing about this?
The problem is that when we change it to deny all as the system policy, all traffic that originates on the server and either is headed outbound is *also* denied, causing website loading issues.
Is this last issue the reason why it's allow by default? And if so, what's the deal with it? Why does it behave counterintuitively?
With Plesk 17.5 and earlier our defaults always seemed to be to have the system policy for the INPUT chain to deny all, then rely upon the exceptions Plesk sets up for us to allow traffic. This has always worked great.
But with 17.8 the default appears to have the system policy set to allow all on the input chain. This seems like a bad idea to me -- anything I'm missing about this?
The problem is that when we change it to deny all as the system policy, all traffic that originates on the server and either is headed outbound is *also* denied, causing website loading issues.
Is this last issue the reason why it's allow by default? And if so, what's the deal with it? Why does it behave counterintuitively?