• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Plesk Firewall has not effect on IPv6

PleskWebmaster

New Pleskian
Plesk Firewall has no effect on IPv6?

Greetings & Salutations...

I am writing today regarding the Plesk Firewall. It seemed to be pretty handy for quickly blocking troublesome users from *replace-with-whatever-IP-block-is-giving-you-trouble*. Yet I am unable to block IPv6 addresses, and the fire wall seems to let some blocked IPv4s right in. I did not see any distinction as to v4 or v6 in the Firewall dialog for adding custom rules, so...

The question is...

(1) Is the Plesk Firewall *supposed* to apply rules to IPv6 by default?

If yes...

(2) Is there a setting or a switch that has to be configured for this to work?

If yes...

(3) Where are said configuration options located?

*** UPDATED ***

Okay, when I run /sbin/ip6tables -L (CentOS) I get output that resembles the iptables (no 6) output, only... what, converted to IP6? Not sure. Example output:

DROP tcp ::ffff:31.0.0.0/104 ::/0 tcp dpts:1:10000

In that particular instance I added a drop for the 31.0.0.0/8 block (using the Plesk Firewall interface), in order to create the script that's loaded into iptables (and ip6tables as well, apparently) when one elects to "Apply Configuration". It worked great, executed perfectly, and the iptables output list output looked to be (and remember, I have grossly insufficient background knowledge in this area) accurate.

Yet at the time of this writing I can see via live traffic monitor that an address in the 31.0.0.0/8 block (IPv4) is pounding away at a website. This is curious, as the live traffic monitor indicates an IPv4 address. So... can an IPv4 address be detected and recorded from a host that is only able to connect via IPv6? While an interesting question, I was more concerned with just blocking the IPv6 address and get more academic with it later.

But this raises another question; why would Plesk populate ip6tables and not provide an interface to actually submit IPv6 addresses. Which is to say I am a bit lost and would appreciate any relevant input.

Thanks in advance -
 
Last edited:
Back
Top