• Hi, Pleskians! We are running a UX testing of our upcoming product intended for server management and monitoring.
    We would like to invite you to have a call with us and have some fun checking our prototype. The agenda is pretty simple - we bring new design and some scenarios that you need to walk through and succeed. We will be watching and taking insights for further development of the design.
    If you would like to participate, please use this link to book a meeting. We will sent the link to the clickable prototype at the meeting.
  • (Plesk for Windows):
    MySQL Connector/ODBC 3.51, 5.1, and 5.3 are no longer shipped with Plesk because they have reached end of life. MariaDB Connector/ODBC 64-bit 3.2.4 is now used instead.
  • Our UX team believes in the in the power of direct feedback and would like to invite you to participate in interviews, tests, and surveys.
    To stay in the loop and never miss an opportunity to share your thoughts, please subscribe to our UX research program. If you were previously part of the Plesk UX research program, please re-subscribe to continue receiving our invitations.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Question Plesk firewall - CrowdSec iptables interaction

andg

New Pleskian
Server operating system version
Debian 10
Plesk version and microupdate number
Plesk Obsidian 18.0.68 Update #2
Hi,
after successfully configuring crowdsec in a bare metal server I tested it with Plesk.
Turned off fail2ban, installed crowdsec with iptables bouncer and created a few custom rules.
All seem good except that if I update Plesk firewall rules and apply the update CrowdSec rules in iptables are no longer enforced.
Listing iptables rules
Before:
Code:
Chain CROWDSEC_CHAIN (1 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere             match-set crowdsec-blacklists-1 src
DROP       all  --  anywhere             anywhere             match-set crowdsec-blacklists-0 src
After a plesk firewall rule got updated
Code:
Chain CROWDSEC_CHAIN (0 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere             match-set crowdsec-blacklists-1 src
DROP       all  --  anywhere             anywhere             match-set crowdsec-blacklists-0 src

So as you can see it gets 0 references. Doing a systemctl restart crowdsec-firewall-bouncer fixes the problem.
Would it be possible to trigger a script after the firewall is updated? Or to integrate them better in other ways?
Also I've yet to test what happens after a server restart but think should be ok. Will update about it!
Thanks!
 
Back
Top