Question psa-firewall via cli/ansible

Dave W

Regular Pleskian
Hi all,

To enable and confirm the firewall via CLI it has to be done from different sessions otherwise you get:
"Applying and confirmation of firewall changes should be done via different ssh sessions."

Is there any way to disable this?
Dave
 

Hi Dave, did you find a solution for that?

I have the same issue.


Thanks!
 
Hi VGS,
My solution was to disable plesk-firewall and just create my own iptables ruleset and use that with Ansible.

# Disable the Plesk firewall extension (skipped when the init script is absent)
- name: Disable Plesk Firewall
  command: /usr/local/psa/bin/modules/firewall/settings -d removes=/etc/rc.d/init.d/psa-firewall

# Remove the Plesk firewall extension if installed
- name: Uninstall Plesk Firewall Extension if installed
  command: plesk installer --select-release-current --remove-component psa-firewall removes=/etc/rc.d/init.d/psa-firewall

# Upload the iptables file and restart iptables
- name: Upload the iptables file to /etc/sysconfig/ and restart iptables
  copy: src=files/security/iptables dest=/etc/sysconfig owner=root group=root mode=0644 backup=yes
  notify:
    - restart iptables

Not really a fix but it works for me.
Dave
 
Hi Dave,

Thanks for your answer. Yesterday I found a tricky solution for this problem using the firewall system from Plesk. I prefer using that because we have created an auto-deploy system for Plesk containers in our infrastructure and we need to use the same features that users can.

First, you need to have SSH enabled with SSH key login allowed for root. You can do it by uncommenting "#PermitRootLogin prohibit-password" in /etc/ssh/sshd_config

Then, you can do something like this:
  1. Generate a local SSH public key: ssh-keygen -t rsa -f /root/.ssh/id_rsa -P ''
  2. Copy your local public key to the local allowed keys: cat /root/.ssh/id_rsa.pub > /root/.ssh/authorized_keys
  3. Enable the firewall: /usr/local/psa/bin/modules/firewall/settings -e
  4. Confirm the changes this way: ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p XXX root@localhost '/usr/local/psa/bin/modules/firewall/settings -c'
  5. Optional, clean your local authorized_keys: echo '' > /root/.ssh/authorized_keys

I hope this can help someone.

Regards!
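
An added example, not part of the posts above and not Plesk's own tooling: the enable-then-confirm sequence from the last post, using a throwaway key that is appended to authorized_keys instead of overwriting it, restricted to the confirm command from loopback, and removed afterwards. SSH_PORT, the key comment psa-fw-confirm and the function names are assumptions made for this example; it also assumes the two-session check behaves as described in the post.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: SSH_PORT is set by the
# caller; the marker "psa-fw-confirm" and all function names are made up here.

SETTINGS=/usr/local/psa/bin/modules/firewall/settings   # path from the thread
MARKER=psa-fw-confirm                                   # key comment used to find our line again

# Build an authorized_keys line that only permits the confirm command,
# only from loopback, with no forwarding or pty ("restrict", OpenSSH 7.2+).
restricted_entry() {   # $1 = contents of the .pub file
    printf 'restrict,from="127.0.0.1,::1",command="%s -c" %s\n' "$SETTINGS" "$1"
}

# Remove only our temporary line; keys that were already present stay.
remove_entry() {       # $1 = authorized_keys path
    [ -f "$1" ] || return 0
    tmp=$(mktemp "$1.XXXXXX") || return 1
    grep -v " $MARKER\$" "$1" > "$tmp" || true   # grep exits 1 when nothing is left
    chmod 600 "$tmp" && mv "$tmp" "$1"
}

confirm_firewall() {
    : "${SSH_PORT:?set SSH_PORT to the port sshd listens on}"
    auth=/root/.ssh/authorized_keys
    keydir=$(mktemp -d) || return 1
    # Clean up the key and the authorized_keys line even if a step fails.
    trap 'remove_entry "$auth"; rm -rf "$keydir"' EXIT
    install -d -m 700 /root/.ssh
    ssh-keygen -q -t ed25519 -N '' -C "$MARKER" -f "$keydir/id" || return 1
    restricted_entry "$(cat "$keydir/id.pub")" >> "$auth"
    "$SETTINGS" -e || return 1
    # The forced command runs "settings -c" whatever command is requested here.
    ssh -i "$keydir/id" -o IdentitiesOnly=yes -o BatchMode=yes \
        -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no \
        -p "$SSH_PORT" root@localhost true
}

# Only touch the system when explicitly asked to.
if [ "${1:-}" = "--run" ]; then confirm_firewall; fi
```

Run it as root with the port set, for example `SSH_PORT=<port> sh confirm-fw.sh --run` (the file name is arbitrary).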
 