
Issue Rigid firewall configuration.

EdgarEstrada

New Pleskian
Server operating system version
CentOS 7
Plesk version and microupdate number
18.0.66
Hello
My Plesk Obsidian (CentOS) server has two IP addresses (on the same network card) to serve some sites on one IP and an e-commerce site on another IP.

The E-commerce site requires ports 80 and 443, while the other IP requires 21, 25, 80, 110, and others.

It seems I can't do this using the Plesk GUI, and I can't manually change iptables rules because they get lost at the next reboot.

Any suggestions?
 
There is no straightforward method for doing this, but as a workaround you could create a script which adds custom rules to iptables. Then in Plesk you can use the Event Manager to set up an event which calls your script every time any rules on the Plesk firewall get updated (Firewall rules activated). That way your custom iptables rules get re-added automatically every time the Plesk firewall rules get updated.
 
Hello. I did as you suggested; however, the first IP is still replying to the other ports despite the shell script.

Here is a copy of my script; hopefully you can see where the error might be.

#!/bin/bash
set -e

([ -f /var/lock/subsys/ipchains ] && /etc/init.d/ipchains stop) >/dev/null 2>&1 || true
(rmmod ipchains) >/dev/null 2>&1 || true

apply_rule()
{
    local iptables_bin="$1"
    shift

    local iptables_version
    iptables_version="`"$iptables_bin" --version | awk '{print $2}' | awk -F. '{printf "%d%02d\n", $2, $3}'`"

    # Use the native --wait option since v1.4.20
    if [ "$iptables_version" -gt 420 ]; then
        "$iptables_bin" -w "$@" 2>/dev/null
        return $?
    fi

    # Emulate --wait for older versions
    for i in `seq 10`; do
        "$iptables_bin" "$@" 2>&1 | grep -q xtable || return 0
        sleep 1
    done

    return 1
}

# accept 80 and 443

apply_rule /usr/sbin/iptables -A INPUT -d 148.72.71.34 -p tcp --dport 80 -j ACCEPT
apply_rule /usr/sbin/iptables -A INPUT -d 148.72.71.34 -p tcp --dport 443 -j ACCEPT

# block all else

apply_rule /usr/sbin/iptables -A INPUT -d 148.72.71.34 -j DROP


# End
 
I am no expert on iptables rules, so I am not sure. Do the rules show up in iptables when you list all rules?
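
The listing asked about in the reply above shows rule order as well as presence, and iptables acts on the first matching rule that has a terminating target. The following is an added example (not written by either poster, and not Plesk's code) that replays `iptables -S INPUT`-style text for one destination IP and TCP port; both rulesets are constructed and 203.0.113.10 is a placeholder address.

```bash
#!/bin/bash
# Added example: walk `iptables -S INPUT` text in order and report which rule
# decides a new TCP connection. Models only -d, -p, -m tcp, --dport (single
# port) and -j ACCEPT/DROP/REJECT; a rule with any other match (-i, -m state,
# ...) is assumed not to apply to a new inbound connection and is skipped.

verdict_for() {  # usage: verdict_for <dst-ip> <tcp-port> < ruleset
    local ip="$1" port="$2" n=0 policy="ACCEPT"
    local line dst proto dport target skip
    while read -r line; do
        set -f; set -- $line; set +f          # split the rule into words
        [ "$1" = "-P" ] && { policy="$3"; continue; }
        [ "$1" = "-A" ] || continue
        shift 2; n=$((n + 1)); dst=""; proto=""; dport=""; target=""; skip=0
        while [ $# -ge 2 ]; do
            case "$1" in
                -d)      dst="${2%/32}" ;;
                -p)      proto="$2" ;;
                --dport) dport="$2" ;;
                -m)      [ "$2" = "tcp" ] || skip=1 ;;
                -j)      target="$2"; break ;;
                *)       skip=1 ;;
            esac
            shift 2
        done
        [ "$skip" -eq 0 ] || continue
        [ -z "$dst" ] || [ "$dst" = "$ip" ] || continue
        [ -z "$proto" ] || [ "$proto" = "tcp" ] || continue
        [ -z "$dport" ] || [ "$dport" = "$port" ] || continue
        case "$target" in
            ACCEPT|DROP|REJECT) echo "$target rule $n"; return 0 ;;
        esac
    done
    echo "$policy policy"                     # no rule decided the packet
}

# Constructed rules (not real Plesk output), used only to show order effects.
GENERAL='-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j DROP'
PER_IP='-A INPUT -d 203.0.113.10/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -d 203.0.113.10/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -d 203.0.113.10/32 -j DROP'
appended_rules() { printf '%s\n%s\n' "$GENERAL" "$PER_IP"; }  # per-IP rules last
leading_rules()  { printf '%s\n%s\n' "$PER_IP" "$GENERAL"; }  # per-IP rules first
```

With the per-IP rules last, port 21 on the restricted address is accepted by an earlier general rule and the per-IP DROP is never reached; on a live server the same check can be fed from `iptables -S INPUT | verdict_for <ip> <port>`.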
 