• Hi, Pleskians! We are running a UX testing of our upcoming product intended for server management and monitoring.
    We would like to invite you to have a call with us and have some fun checking our prototype. The agenda is pretty simple - we bring new design and some scenarios that you need to walk through and succeed. We will be watching and taking insights for further development of the design.
    If you would like to participate, please use this link to book a meeting. We will sent the link to the clickable prototype at the meeting.
  • (Plesk for Windows):
    MySQL Connector/ODBC 3.51, 5.1, and 5.3 are no longer shipped with Plesk because they have reached end of life. MariaDB Connector/ODBC 64-bit 3.2.4 is now used instead.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Question Question before activating Plesk firewall

LaurentR2D2

Plesk Certified Professional
Plesk Certified Professional
Server operating system version
Debian 12.10
Plesk version and microupdate number
Plesk Obsidian v18.0.67_build1800250217.08 os_Debian 12.0
Hello,
I read that Plesk firewall and firewalld should't work at the same time. I've checked for firewalld and I get this :

#systemctl status firewalld
Unit firewalld.service could not be found.

When I check iptables, I get this :

#/sbin/iptables -n -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
f2b-plesk-login 17 -- 0.0.0.0/0 0.0.0.0/0 multiport dports 443,8880,8443
f2b-plesk-login 6 -- 0.0.0.0/0 0.0.0.0/0 multiport dports 443,8880,8443
f2b-plesk-dovecot 6 -- 0.0.0.0/0 0.0.0.0/0 multiport dports 143,993,110,995,4190
f2b-BadBots 17 -- 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443,7080,7081
f2b-BadBots 6 -- 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443,7080,7081
f2b-plesk-wordpress 17 -- 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443,7080,7081
f2b-plesk-wordpress 6 -- 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443,7080,7081
f2b-apache 17 -- 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443,7080,7081
f2b-apache 6 -- 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443,7080,7081
f2b-plesk-modsecurity 17 -- 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443,7080,7081
f2b-plesk-modsecurity 6 -- 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443,7080,7081
f2b-plesk-proftpd 6 -- 0.0.0.0/0 0.0.0.0/0 multiport dports 21,20,990,989
f2b-plesk-postfix 6 -- 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,587
f2b-recidive 6 -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain f2b-BadBots (2 references)
target prot opt source destination
RETURN 0 -- 0.0.0.0/0 0.0.0.0/0

Chain f2b-apache (2 references)
target prot opt source destination
RETURN 0 -- 0.0.0.0/0 0.0.0.0/0

Chain f2b-plesk-dovecot (1 references)
target prot opt source destination
RETURN 0 -- 0.0.0.0/0 0.0.0.0/0

Chain f2b-plesk-login (2 references)
target prot opt source destination
RETURN 0 -- 0.0.0.0/0 0.0.0.0/0

Chain f2b-plesk-modsecurity (2 references)
target prot opt source destination
RETURN 0 -- 0.0.0.0/0 0.0.0.0/0

Chain f2b-plesk-postfix (1 references)
target prot opt source destination
RETURN 0 -- 0.0.0.0/0 0.0.0.0/0

Chain f2b-plesk-proftpd (1 references)
target prot opt source destination
RETURN 0 -- 0.0.0.0/0 0.0.0.0/0

Chain f2b-plesk-wordpress (2 references)
target prot opt source destination
RETURN 0 -- 0.0.0.0/0 0.0.0.0/0

Chain f2b-recidive (1 references)
target prot opt source destination
REJECT 0 -- 47.93.209.63 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT 0 -- 138.68.99.33 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT 0 -- 161.117.239.49 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT 0 -- 217.16.85.102 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT 0 -- 38.242.239.1 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT 0 -- 154.70.152.217 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT 0 -- 87.120.93.11 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT 0 -- 64.235.58.4 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT 0 -- 157.173.114.83 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT 0 -- 165.154.252.220 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT 0 -- 176.65.142.112 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT 0 -- 165.154.209.56 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT 0 -- 45.148.10.35 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT 0 -- 193.46.255.40 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT 0 -- 80.94.95.228 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT 0 -- 193.41.206.189 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT 0 -- 94.125.109.30 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT 0 -- 173.212.208.138 0.0.0.0/0 reject-with icmp-port-unreachable
RETURN 0 -- 0.0.0.0/0 0.0.0.0/0

Does it means that there is a firewall running I should deactivate before activating Plesk Firewall ? If yes, how can I know which one ? ufw is not installed :

#apt list --installed ufw
Listing... Done
 
firewalld is essentially a manager for iptables, however in your case it is not installed.
fail2ban uses iptables which is what you are seeing there.
When you install the Plesk firewall it installs plesk-firewall.service, this also manages iptables.
 
There is no system-wide firewall (like firewalld, ufw, or a restrictive iptables setup) conflicting with Plesk Firewall. The rules you see are Fail2Ban dynamically blocking abusive IPs, which is safe to keep alongside Plesk Firewall.

 
Back
Top