
Remove psa-firewall and use iptables in OS

Discussion in 'Plesk 9.x for Linux Issues, Fixes, How-To' started by Michael MacDonald, Mar 17, 2010.

  1. Michael MacDonald

    I want to remove the psa-firewall and use iptables within the OS. I am trying to get the Plesk server to meet PCI standards and am thinking that using iptables within the Redhat OS will allow me to block any and all ports I don't want advertised. I do not seem to be able to block 8443 using the Plesk firewall. I would like to block 8443 except for certain IP addresses.

    I need to make sure that I can remove psa-firewall and then start the iptables service. Right now, I am not able to start iptables, even with psa-firewall shut down.

    Please advise.

    Thank you.
     
  2. IgorG

    Maybe you will just wait for the 9.5.0 release?

    http://download1.parallels.com/Plesk/Panel9.5/plesk-9.5.0-for-rpm-based-os.html#20

     
  3. Michael MacDonald

    I like what I read about 9.5 but I don't want to wait. Also almost without fail, every time I upgrade Plesk there is a problem. Sometimes there are BIG problems. Are you saying there is no way to remove the psa-firewall module and use iptables from the OS? I would like to do this.
     
  4. IgorG

    What is the problem? For example:

     
  5. Michael MacDonald

    Worked perfectly. Now able to pass PCI. Thank you.
     
  6. Frater

    I did it like this on Debian/Ubuntu:

    # save current firewall
    iptables-save >/etc/iptables.rules
    # remove plesk's firewall module
    aptitude remove psa-firewall

    # create iptables-startup script
    echo '#!/bin/sh' >/etc/network/if-up.d/iptables
    echo 'iptables-restore </etc/iptables.rules' >>/etc/network/if-up.d/iptables
    chmod +x /etc/network/if-up.d/iptables

    Your firewall script can then be edited using 'vi' in /etc/iptables.rules
     
    Last edited: Nov 16, 2011
  7. Frater

    I just recently did it on a CentOS server. It's a bit different because that distribution already has its firewall more or less configured.

    Code:
    # cd /etc/sysconfig
    # iptables-save                        # check if you are really running a firewall now
    # cp -p iptables iptables.org          # save the original OS firewall (for documentation)
    # iptables-save >iptables.plesk        # save the firewall as it's currently running..
    # iptables-save >iptables              # save it again to the one we will be using

    # chkconfig iptables on                # re-enable the OS firewall module

    # rpm -qa | grep firewall              # find out the name of the Plesk firewall module
    psa-firewall-10.13.4-cos5.build1013111102.18

    # rpm -e psa-firewall-10.13.4-cos5.build1013111102.18   # erase the plesk firewall module
    # /etc/init.d/iptables start           # Start the firewall
    # iptables-save                        # check if it is working...

     
    Last edited: Nov 24, 2011
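
The goal in this thread was to leave port 8443 reachable only from chosen addresses, using a rules file in iptables-save format. As an added example (not part of any post above), this shell function audits such a file for that property before it is loaded; `audit_port` and `sample_rules` are hypothetical names, and the sample rules and addresses are constructed.

```sh
# Added example, not from the thread: audit iptables-save output on stdin.
# Exit 0 only if every INPUT ACCEPT for PORT names a source (-s) and all
# other traffic to PORT is dropped. Assumption: rules sit directly in the
# filter INPUT chain; user chains, multiport and port ranges are not followed.
audit_port() {  # usage: audit_port PORT < rules-file
    awk -v port="$1" '
        /^\*/ { table = substr($0, 2) }          # "*filter", "*nat", ...
        table != "filter" { next }
        /^:INPUT / { policy = $2 }               # ":INPUT DROP [0:0]"
        !/^-A INPUT / || closed { next }         # first matching rule wins
        {
            dport = src = target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-s" && $(i - 1) != "!") src = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (dport != port && NF != 4) next   # NF == 4: "-A INPUT -j X"
            if (target == "ACCEPT" && src == "") {
                print "OPEN: " $0; bad = closed = 1
            } else if (target == "ACCEPT") {
                print "allowed source: " src
            } else if (src == "" && (target == "DROP" || target == "REJECT")) {
                closed = 1
            }
        }
        END {
            if (!closed && policy != "DROP") {
                print "OPEN: port " port " reaches policy " policy; bad = 1
            }
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample in iptables-save format (documentation address ranges).
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 8443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8443 -j DROP
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
EOF
}
sample_rules | audit_port 8443
```

On a live host the same function can read the running rule set with `iptables-save | audit_port 8443`.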