• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Question Question before activating Plesk firewall

LaurentR2D2

Plesk Certified Professional
Plesk Certified Professional
Server operating system version
Debian 12.10
Plesk version and microupdate number
Plesk Obsidian v18.0.67_build1800250217.08 os_Debian 12.0
Hello,
I read that Plesk firewall and firewalld should't work at the same time. I've checked for firewalld and I get this :

#systemctl status firewalld
Unit firewalld.service could not be found.

When I check iptables, I get this :

#/sbin/iptables -n -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
f2b-plesk-login 17 -- 0.0.0.0/0 0.0.0.0/0 multiport dports 443,8880,8443
f2b-plesk-login 6 -- 0.0.0.0/0 0.0.0.0/0 multiport dports 443,8880,8443
f2b-plesk-dovecot 6 -- 0.0.0.0/0 0.0.0.0/0 multiport dports 143,993,110,995,4190
f2b-BadBots 17 -- 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443,7080,7081
f2b-BadBots 6 -- 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443,7080,7081
f2b-plesk-wordpress 17 -- 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443,7080,7081
f2b-plesk-wordpress 6 -- 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443,7080,7081
f2b-apache 17 -- 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443,7080,7081
f2b-apache 6 -- 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443,7080,7081
f2b-plesk-modsecurity 17 -- 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443,7080,7081
f2b-plesk-modsecurity 6 -- 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443,7080,7081
f2b-plesk-proftpd 6 -- 0.0.0.0/0 0.0.0.0/0 multiport dports 21,20,990,989
f2b-plesk-postfix 6 -- 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,587
f2b-recidive 6 -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain f2b-BadBots (2 references)
target prot opt source destination
RETURN 0 -- 0.0.0.0/0 0.0.0.0/0

Chain f2b-apache (2 references)
target prot opt source destination
RETURN 0 -- 0.0.0.0/0 0.0.0.0/0

Chain f2b-plesk-dovecot (1 references)
target prot opt source destination
RETURN 0 -- 0.0.0.0/0 0.0.0.0/0

Chain f2b-plesk-login (2 references)
target prot opt source destination
RETURN 0 -- 0.0.0.0/0 0.0.0.0/0

Chain f2b-plesk-modsecurity (2 references)
target prot opt source destination
RETURN 0 -- 0.0.0.0/0 0.0.0.0/0

Chain f2b-plesk-postfix (1 references)
target prot opt source destination
RETURN 0 -- 0.0.0.0/0 0.0.0.0/0

Chain f2b-plesk-proftpd (1 references)
target prot opt source destination
RETURN 0 -- 0.0.0.0/0 0.0.0.0/0

Chain f2b-plesk-wordpress (2 references)
target prot opt source destination
RETURN 0 -- 0.0.0.0/0 0.0.0.0/0

Chain f2b-recidive (1 references)
target prot opt source destination
REJECT 0 -- 47.93.209.63 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT 0 -- 138.68.99.33 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT 0 -- 161.117.239.49 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT 0 -- 217.16.85.102 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT 0 -- 38.242.239.1 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT 0 -- 154.70.152.217 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT 0 -- 87.120.93.11 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT 0 -- 64.235.58.4 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT 0 -- 157.173.114.83 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT 0 -- 165.154.252.220 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT 0 -- 176.65.142.112 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT 0 -- 165.154.209.56 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT 0 -- 45.148.10.35 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT 0 -- 193.46.255.40 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT 0 -- 80.94.95.228 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT 0 -- 193.41.206.189 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT 0 -- 94.125.109.30 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT 0 -- 173.212.208.138 0.0.0.0/0 reject-with icmp-port-unreachable
RETURN 0 -- 0.0.0.0/0 0.0.0.0/0

Does it means that there is a firewall running I should deactivate before activating Plesk Firewall ? If yes, how can I know which one ? ufw is not installed :

#apt list --installed ufw
Listing... Done
 
firewalld is essentially a manager for iptables, however in your case it is not installed.
fail2ban uses iptables which is what you are seeing there.
When you install the Plesk firewall it installs plesk-firewall.service, this also manages iptables.
 
There is no system-wide firewall (like firewalld, ufw, or a restrictive iptables setup) conflicting with Plesk Firewall. The rules you see are Fail2Ban dynamically blocking abusive IPs, which is safe to keep alongside Plesk Firewall.

 
Back
Top