• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved Plesk Firewall [Do I have to open all ports when switching from another firewall to Plesk Firewall?]

O

othmaqsa

Regular Pleskian
Server operating system version
Version 18.0.52
Plesk version and microupdate number
Ubuntu 20.04.6 LTS
Hello,

If I I want to use the Plesk Firewall instead of Ionos Firewall, I need to open all ports in Plesk Firewall before remove them from Ionos ?

Note: I want to switch to Plesk Firewall so that I can use the feature of denying countries.
 
Sounds like you're going from a network firewall, to a server level firewall. They can work in tandem if you want.

I would close what ports are not needed within the Plesk Firewall, before disabling the old one.
 
I would not recommend opening anything that you have in your data center firewall. Why not leave ports closed there so that some bad traffic cannot reach your server in the first place. The Plesk Firewall is the on-server firewall that you'd normally use in addition to the data center firewall (as @MarkM correctly pointed out). Using both will give you extra security. It is not necessary to disable your data center firewall when you want to use the Plesk Firewall.
 
Peter Debik said:
I would not recommend opening anything that you have in your data center firewall. Why not leave ports closed there so that some bad traffic cannot reach your server in the first place. The Plesk Firewall is the on-server firewall that you'd normally use in addition to the data center firewall (as @MarkM correctly pointed out). Using both will give you extra security. It is not necessary to disable your data center firewall when you want to use the Plesk Firewall.
Click to expand...
Ok, so if I understood correctly, I can install Firewall Plesk and use the feature of blocking countries while leaving the ports disabled on Firewall Plesk and enabled on Firewall IONOS?
 
MarkM said:
Sounds like you're going from a network firewall, to a server level firewall. They can work in tandem if you want.

I would close what ports are not needed within the Plesk Firewall, before disabling the old one.
Click to expand...
Ok, thank you.
 
When you do not enter a specific port, the block applies to all ports. This includes the web service and mail ports.
 
Hello @Peter Debik

Thank you for your message.

I have installed the Firewall. Now before enabling the Firewall in Plesk, I want to disable all the default rules and add 1 custom rule (Deny country).

Note: I want to deactivate the default rules because the same rules are already open in the Data Center Firewall.
 
MarkM said:
Sounds like you're going from a network firewall, to a server level firewall. They can work in tandem if you want.

I would close what ports are not needed within the Plesk Firewall, before disabling the old one.
Click to expand...
Peter Debik said:
When you do not enter a specific port, the block applies to all ports. This includes the web service and mail ports.
Click to expand...

Thank you guys. :)

You can now mark this thread as resolved.
 
Peter Debik said:
When you do not enter a specific port, the block applies to all ports. This includes the web service and mail ports.
Click to expand...

Hello guys.

I just enabled country block using Workaround II but i still receiving e-mails from Russia for example, which is correctly blocked (tested with VPN) for nginx. Mail server keeps receiving spam from domain names associated to IP addresses from RU.

Any idea?
Thanks
 
Are these mails really sent from an IP address in the blocked range? Or are they coming from another SMTP server outside the range?
 
Maybe because the Workaround II, it only blocks the access to the Website, not mail.

You must use the Plesk firewall.
z72diego said:
Hello guys.

I just enabled country block using Workaround II but i still receiving e-mails from Russia for example, which is correctly blocked (tested with VPN) for nginx. Mail server keeps receiving spam from domain names associated to IP addresses from RU.

Any idea?
Thanks
Click to expand...
 
Peter Debik said:
Are these mails really sent from an IP address in the blocked range? Or are they coming from another SMTP server outside the range?
Click to expand...
For example, today I received an e-mail from this address: [email protected]

Check this header:
spf=pass (sender IP is 188.127.251.135) smtp.mailfrom=[email protected] smtp.helo=mail4.srnart-gas.com

This IP is from Russia: 188.127.251.135 IP Address Geolocation Lookup Demo | IP2Location

othmaqsa said:
You must use the Plesk firewall.
Click to expand...
Ok, but how?

Thanks!
 
z72diego said:
Ok thanks. But, how do I country block smtp/imap/pop3 requests at server level? Or better, block all ports and services.
Click to expand...
With the Plesk firewall, you can block a bunch of countries using the ISO 3166 country codes , all ports (incoming) and place the deny rule at the top.

This way, you will block incoming traffic for the websites and email.
 
You must log in or register to reply here.

Similar threads

A
Resolved Plesk Firewall and Samba
2
Replies
22
Views
840
Raul A.
R
A
Issue Firewall enabled but rules still gray
Replies
8
Views
887
Sebahat.hadzhi
Sebahat.hadzhi
R
Question The New Plesk Firewall is lacking port numbers/specifics. Can anyone supply a map of ports>services??
Replies
2
Views
260
regenix
R
S
Question Rule to block in plesk firewall all traffic from ports that plesk does not use?
Replies
4
Views
480
SalvadorS
S
S
Issue Cant activate the plesk firewall
Replies
5
Views
819
martinez.marcias@gmai
M
Back
Top